git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_psk.py
e35914c283d1478a9d86f7e32b6816992b3f461c
2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
9 from Crypto
.Cipher
import AES
13 logger
= logging
.getLogger()
21 from utils
import HwsimSkip
, fail_test
, skip_with_fips
23 from wpasupplicant
import WpaSupplicant
25 def check_mib(dev
, vals
):
29 raise Exception("Unexpected {} = {} (expected {})".format(v
[0], mib
[v
[0]], v
[1]))
def test_ap_wpa2_psk(dev, apdev):
    """WPA2-PSK AP with PSK instead of passphrase"""
    network = "test-wpa2-psk"
    secret_phrase = 'qwertyuiop'
    # 64 hex digits = a 256-bit pre-shared key. Only this raw key is given to
    # the AP; one station joins with the raw key and another with the
    # passphrase, so the test expects both forms to yield the same key for
    # this SSID.
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'

    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    ap = hostapd.add_ap(apdev[0], ap_conf)

    # The first AKM reported by the running AP must be plain WPA-PSK.
    reported_akm = ap.get_config()['key_mgmt']
    first_akm = reported_akm.split(' ')[0]
    if first_akm != "WPA-PSK":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + reported_akm)

    dev[0].connect(network, raw_psk=raw_key, scan_freq="2412")
    dev[1].connect(network, psk=secret_phrase, scan_freq="2412")

    # Both polls are issued before either result is inspected.
    signal_lines = dev[0].request("SIGNAL_POLL").splitlines()
    counter_lines = dev[0].request("PKTCNT_POLL").splitlines()
    if "FREQUENCY=2412" not in signal_lines:
        raise Exception("Unexpected SIGNAL_POLL value: " + str(signal_lines))
    if "TXBAD=0" not in counter_lines:
        raise Exception("Unexpected TXBAD value: " + str(counter_lines))
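def test_ap_wpa2_psk_file(dev, apdev):
    """WPA2-PSK AP with PSK from a file"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Per-station keys come from this file in addition to the AP passphrase.
    # NOTE(review): the file's contents are not visible here; the expectations
    # below presumably rely on "very secret" being bound to dev[0]'s address
    # only - confirm against hostapd.wpa_psk.
    params['wpa_psk_file'] = 'hostapd.wpa_psk'
    hostapd.add_ap(apdev[0], params)

    # dev[1] uses a passphrase that the test expects to be rejected for it,
    # so do not block waiting for the connection.
    dev[1].connect(ssid, psk="very secret", scan_freq="2412",
                   wait_connect=False)
    dev[2].connect(ssid, raw_psk=psk, scan_freq="2412")
    dev[2].request("REMOVE_NETWORK all")
    dev[0].connect(ssid, psk="very secret", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[2].connect(ssid, psk="another passphrase for all STAs",
                   scan_freq="2412")
    dev[0].connect(ssid, psk="another passphrase for all STAs",
                   scan_freq="2412")

    # The negative case: dev[1] must report a failed 4-way handshake. Only a
    # missing event is an error, so the raise is guarded; an unguarded raise
    # would fail the test every time and skip the cleanup below.
    # wait_event() is expected to return None on timeout.
    ev = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
    if ev is None:
        raise Exception("Timed out while waiting for failure report")
    dev[1].request("REMOVE_NETWORK all")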
73 def check_no_keyid(hapd
, dev
):
75 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=1)
77 raise Exception("No AP-STA-CONNECTED indicated")
79 raise Exception("AP-STA-CONNECTED for unexpected STA")
81 raise Exception("Unexpected keyid indication")
83 def check_keyid(hapd
, dev
, keyid
):
85 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=1)
87 raise Exception("No AP-STA-CONNECTED indicated")
89 raise Exception("AP-STA-CONNECTED for unexpected STA")
90 if "keyid=" + keyid
not in ev
:
91 raise Exception("Incorrect keyid indication")
92 sta
= hapd
.get_sta(addr
)
93 if 'keyid' not in sta
or sta
['keyid'] != keyid
:
94 raise Exception("Incorrect keyid in STA output")
95 dev
.request("REMOVE_NETWORK all")
97 def check_disconnect(dev
, expected
):
100 dev
[i
].wait_disconnected()
101 dev
[i
].request("REMOVE_NETWORK all")
103 ev
= dev
[i
].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=0.1)
105 raise Exception("Unexpected disconnection")
106 dev
[i
].request("REMOVE_NETWORK all")
107 dev
[i
].wait_disconnected()
109 def test_ap_wpa2_psk_file_keyid(dev
, apdev
, params
):
110 """WPA2-PSK AP with PSK from a file (keyid and reload)"""
111 psk_file
= os
.path
.join(params
['logdir'], 'ap_wpa2_psk_file_keyid.wpa_psk')
112 with
open(psk_file
, 'w') as f
:
113 f
.write('00:00:00:00:00:00 secret passphrase\n')
114 f
.write('02:00:00:00:00:00 very secret\n')
115 f
.write('00:00:00:00:00:00 another passphrase for all STAs\n')
116 ssid
= "test-wpa2-psk"
117 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
='qwertyuiop')
118 params
['wpa_psk_file'] = psk_file
119 hapd
= hostapd
.add_ap(apdev
[0], params
)
121 dev
[0].connect(ssid
, psk
="very secret", scan_freq
="2412")
122 check_no_keyid(hapd
, dev
[0])
124 dev
[1].connect(ssid
, psk
="another passphrase for all STAs",
126 check_no_keyid(hapd
, dev
[1])
128 dev
[2].connect(ssid
, psk
="qwertyuiop", scan_freq
="2412")
129 check_no_keyid(hapd
, dev
[2])
131 with
open(psk_file
, 'w') as f
:
132 f
.write('00:00:00:00:00:00 secret passphrase\n')
133 f
.write('02:00:00:00:00:00 very secret\n')
134 f
.write('00:00:00:00:00:00 changed passphrase\n')
135 if "OK" not in hapd
.request("RELOAD_WPA_PSK"):
136 raise Exception("RELOAD_WPA_PSK failed")
138 check_disconnect(dev
, [False, True, False])
140 with
open(psk_file
, 'w') as f
:
141 f
.write('00:00:00:00:00:00 secret passphrase\n')
142 f
.write('keyid=foo 02:00:00:00:00:00 very secret\n')
143 f
.write('keyid=bar 00:00:00:00:00:00 another passphrase for all STAs\n')
144 if "OK" not in hapd
.request("RELOAD_WPA_PSK"):
145 raise Exception("RELOAD_WPA_PSK failed")
147 dev
[0].connect(ssid
, psk
="very secret", scan_freq
="2412")
148 check_keyid(hapd
, dev
[0], "foo")
150 dev
[1].connect(ssid
, psk
="another passphrase for all STAs",
152 check_keyid(hapd
, dev
[1], "bar")
154 dev
[2].connect(ssid
, psk
="qwertyuiop", scan_freq
="2412")
155 check_no_keyid(hapd
, dev
[2])
157 dev
[0].wait_disconnected()
158 dev
[0].connect(ssid
, psk
="secret passphrase", scan_freq
="2412")
159 check_no_keyid(hapd
, dev
[0])
161 with
open(psk_file
, 'w') as f
:
163 if "OK" not in hapd
.request("RELOAD_WPA_PSK"):
164 raise Exception("RELOAD_WPA_PSK failed")
166 check_disconnect(dev
, [True, True, False])
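def test_ap_wpa2_psk_mem(dev, apdev):
    """WPA2-PSK AP with passphrase only in memory"""
    try:
        _test_ap_wpa2_psk_mem(dev, apdev)
    finally:
        # The helper sets SCAN_INTERVAL to 1 on both stations. Set it to 5
        # afterwards even when the helper raises, so a failure here does not
        # leave the shortened interval in place for later tests.
        dev[0].request("SCAN_INTERVAL 5")
        dev[1].request("SCAN_INTERVAL 5")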
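def _test_ap_wpa2_psk_mem(dev, apdev):
    """Connect two stations that are given the key only on request.

    Both stations are configured with mem_only_psk="1" and no key. Each is
    expected to emit a CTRL-REQ-PSK_PASSPHRASE event, which the test answers
    over the control interface: dev[0] with the quoted passphrase, dev[1]
    with the raw hex PSK.

    Raises:
        Exception: if a station does not request the key within 10 seconds.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect(ssid, mem_only_psk="1", scan_freq="2412",
                   wait_connect=False)
    dev[0].request("SCAN_INTERVAL 1")
    ev = dev[0].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    # wait_event() is expected to return None on timeout; without this guard
    # the raise would fire on every run.
    if ev is None:
        raise Exception("Request for PSK/passphrase timed out")
    # The request id is the last '-'-separated field before the first ':'.
    # Named req_id so the builtin id() is not shadowed.
    req_id = ev.split(':')[0].split('-')[-1]
    # A passphrase is sent inside double quotes.
    dev[0].request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':"' + passphrase + '"')
    dev[0].wait_connected(timeout=10)

    dev[1].connect(ssid, mem_only_psk="1", scan_freq="2412",
                   wait_connect=False)
    dev[1].request("SCAN_INTERVAL 1")
    ev = dev[1].wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if ev is None:
        raise Exception("Request for PSK/passphrase timed out(2)")
    req_id = ev.split(':')[0].split('-')[-1]
    # The raw hex PSK is sent without quotes.
    dev[1].request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':' + psk)
    dev[1].wait_connected(timeout=10)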
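def test_ap_wpa2_ptk_rekey(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    # wpa_ptk_rekey is the maximum PTK lifetime in seconds, set here on the
    # station side so the station is the one that starts the rekey.
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    # No timeout is passed, so wait_event()'s own default applies.
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    # Only a missing event means the rekey did not happen; wait_event() is
    # expected to return None on timeout.
    if ev is None:
        raise Exception("PTK rekey timed out")
    # Traffic must still pass with the new pairwise key.
    hwsim_utils.test_connectivity(dev[0], hapd)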
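def test_ap_wpa2_ptk_rekey_anonce(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station and ANonce change"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    # Discard events from the initial handshake so the wait below only sees
    # the rekey that this test requests.
    dev[0].dump_monitor()
    anonce1 = dev[0].request("GET anonce")
    if "OK" not in dev[0].request("KEY_REQUEST 0 1"):
        raise Exception("KEY_REQUEST failed")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    # wait_event() is expected to return None on timeout; any other value
    # means the rekey handshake completed.
    if ev is None:
        raise Exception("PTK rekey timed out")
    anonce2 = dev[0].request("GET anonce")
    # The AP must pick a new ANonce for the rekey handshake; seeing the same
    # value again is treated as a failure.
    if anonce1 == anonce2:
        raise Exception("AP did not update ANonce in requested PTK rekeying")
    hwsim_utils.test_connectivity(dev[0], hapd)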
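def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Maximum PTK lifetime in seconds, set on the AP side this time; the
    # station connects without its own wpa_ptk_rekey setting.
    params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # No timeout is passed, so wait_event()'s own default applies.
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    # wait_event() is expected to return None on timeout; the test fails only
    # in that case.
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)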
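def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
    hapd = hostapd.add_ap(apdev[0], params)
    # Station-side maximum PTK lifetime of one second triggers the rekey.
    dev[0].connect(ssid, psk=passphrase, key_mgmt="WPA-PSK-SHA256",
                   wpa_ptk_rekey="1", scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    # wait_event() is expected to return None on timeout; the test fails only
    # in that case.
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)
    # 00-0f-ac-6 is the AKM suite selector for PSK with SHA-256. Checking
    # both the requested and the selected value confirms that the rekey kept
    # the SHA-256 AKM rather than falling back to plain WPA-PSK.
    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")])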
267 def test_ap_wpa2_sha256_ptk_rekey_ap(dev
, apdev
):
268 """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
269 ssid
= "test-wpa2-psk"
270 passphrase
= 'qwertyuiop'
271 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
272 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
273 params
['wpa_ptk_rekey'] = '2'
274 hapd
= hostapd
.add_ap(apdev
[0], params
)
275 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
277 ev
= dev
[0].wait_event(["WPA: Key negotiation completed"])
279 raise Exception("PTK rekey timed out")
280 hwsim_utils
.test_connectivity(dev
[0], hapd
)
281 check_mib(dev
[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-6"),
282 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-6")])
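def test_ap_wpa_ptk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
    # NOTE(review): presumably skipped in FIPS builds because TKIP is not
    # available there - confirm in utils.skip_with_fips.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    # Station-side maximum PTK lifetime of one second triggers the rekey.
    dev[0].connect(ssid, psk=passphrase, wpa_ptk_rekey="1", scan_freq="2412")
    # The scan results must flag the BSS as WPA(v1) with PSK and TKIP.
    if "[WPA-PSK-TKIP]" not in dev[0].request("SCAN_RESULTS"):
        raise Exception("Scan results missing WPA element info")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    # wait_event() is expected to return None on timeout; the test fails only
    # in that case.
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)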
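def test_ap_wpa_ptk_rekey_ap(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
    # NOTE(review): presumably skipped in FIPS builds because TKIP is not
    # available there - confirm in utils.skip_with_fips.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    # AP-side maximum PTK lifetime in seconds.
    params['wpa_ptk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=10)
    # wait_event() is expected to return None on timeout; the test fails only
    # in that case.
    if ev is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)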
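def test_ap_wpa_ccmp(dev, apdev):
    """WPA-PSK AP with CCMP as the pairwise cipher"""
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    params['wpa_pairwise'] = "CCMP"
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)
    # Suite selectors use the WPA(v1) vendor OUI 00-50-f2: cipher type 4 is
    # CCMP and AKM type 2 is PSK. Requested and selected values must agree,
    # and the controlled port must end up authorized.
    check_mib(dev[0], [("dot11RSNAConfigGroupCipherSize", "128"),
                       ("dot11RSNAGroupCipherRequested", "00-50-f2-4"),
                       ("dot11RSNAPairwiseCipherRequested", "00-50-f2-4"),
                       ("dot11RSNAAuthenticationSuiteRequested", "00-50-f2-2"),
                       ("dot11RSNAGroupCipherSelected", "00-50-f2-4"),
                       ("dot11RSNAPairwiseCipherSelected", "00-50-f2-4"),
                       ("dot11RSNAAuthenticationSuiteSelected", "00-50-f2-2"),
                       ("dot1xSuppSuppControlledPortStatus", "Authorized")])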
334 def test_ap_wpa2_psk_file_errors(dev
, apdev
):
335 """WPA2-PSK AP with various PSK file error and success cases"""
336 addr0
= dev
[0].own_addr()
337 addr1
= dev
[1].own_addr()
338 addr2
= dev
[2].own_addr()
340 pskfile
= "/tmp/ap_wpa2_psk_file_errors.psk_file"
346 params
= {"ssid": ssid
, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
347 "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile
}
351 hapd
= hostapd
.add_ap(apdev
[0], params
, no_enable
=True)
352 if "FAIL" not in hapd
.request("ENABLE"):
353 raise Exception("Unexpected ENABLE success")
354 hapd
.request("DISABLE")
356 # invalid MAC address
357 with
open(pskfile
, "w") as f
:
360 if "FAIL" not in hapd
.request("ENABLE"):
361 raise Exception("Unexpected ENABLE success")
362 hapd
.request("DISABLE")
365 with
open(pskfile
, "w") as f
:
366 f
.write("00:11:22:33:44:55\n")
367 if "FAIL" not in hapd
.request("ENABLE"):
368 raise Exception("Unexpected ENABLE success")
369 hapd
.request("DISABLE")
372 with
open(pskfile
, "w") as f
:
373 f
.write("00:11:22:33:44:55 1234567\n")
374 if "FAIL" not in hapd
.request("ENABLE"):
375 raise Exception("Unexpected ENABLE success")
376 hapd
.request("DISABLE")
378 # empty token at the end of the line
379 with
open(pskfile
, "w") as f
:
381 if "FAIL" not in hapd
.request("ENABLE"):
382 raise Exception("Unexpected ENABLE success")
383 hapd
.request("DISABLE")
386 with
open(pskfile
, "w") as f
:
387 f
.write("00:11:22:33:44:55 12345678\n")
388 f
.write(addr0
+ " 123456789\n")
389 f
.write(addr1
+ " 123456789a\n")
390 f
.write(addr2
+ " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
391 if "FAIL" in hapd
.request("ENABLE"):
392 raise Exception("Unexpected ENABLE failure")
394 dev
[0].connect(ssid
, psk
="123456789", scan_freq
="2412")
395 dev
[1].connect(ssid
, psk
="123456789a", scan_freq
="2412")
396 dev
[2].connect(ssid
, raw_psk
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq
="2412")
405 def test_ap_wpa2_psk_wildcard_ssid(dev
, apdev
):
406 """WPA2-PSK AP and wildcard SSID configuration"""
407 ssid
= "test-wpa2-psk"
408 passphrase
= 'qwertyuiop'
409 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
410 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
411 hapd
= hostapd
.add_ap(apdev
[0], params
)
412 dev
[0].connect("", bssid
=apdev
[0]['bssid'], psk
=passphrase
,
414 dev
[1].connect("", bssid
=apdev
[0]['bssid'], raw_psk
=psk
, scan_freq
="2412")
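def test_ap_wpa2_gtk_rekey(dev, apdev):
    """WPA2-PSK AP and GTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Group key rekey interval in seconds; one second keeps the test short.
    params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    # wait_event() is expected to return None on timeout; the test fails only
    # when no rekey was seen within two seconds.
    if ev is None:
        raise Exception("GTK rekey timed out")
    # Traffic must still pass after the group key change.
    hwsim_utils.test_connectivity(dev[0], hapd)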
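def test_ap_wpa2_gtk_rekey_request(dev, apdev):
    """WPA2-PSK AP and GTK rekey by AP request"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # No rekey interval is configured; the rekey is triggered explicitly
    # through the AP's control interface.
    if "OK" not in hapd.request("REKEY_GTK"):
        raise Exception("REKEY_GTK failed")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    # wait_event() is expected to return None on timeout; the test fails only
    # in that case.
    if ev is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)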
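def test_ap_wpa_gtk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
    # NOTE(review): presumably skipped in FIPS builds because TKIP is not
    # available there - confirm in utils.skip_with_fips.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    # Group key rekey interval in seconds.
    params['wpa_group_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    # wait_event() is expected to return None on timeout; the test fails only
    # in that case.
    if ev is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)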
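def test_ap_wpa2_gmk_rekey(dev, apdev):
    """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # Both intervals are in seconds: the group key is rekeyed every second
    # and the group master key every two.
    params['wpa_group_rekey'] = '1'
    params['wpa_gmk_rekey'] = '2'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    # Three consecutive group rekeys must each arrive within two seconds.
    # NOTE(review): the listing has lost its indentation; the connectivity
    # check is placed after the loop, as in the sibling rekey tests - confirm.
    for _ in range(0, 3):
        ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
        # wait_event() is expected to return None on timeout.
        if ev is None:
            raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)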
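def test_ap_wpa2_strict_rekey(dev, apdev):
    """WPA2-PSK AP and strict GTK rekey enforced by AP"""
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
    # dev[1] holds the current group key and then leaves. With strict
    # rekeying the remaining station is expected to receive a new group key
    # promptly, so the departed station's copy stops being useful.
    dev[1].request("DISCONNECT")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    # wait_event() is expected to return None on timeout; the test fails only
    # when no rekey followed the disconnect.
    if ev is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(dev[0], hapd)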
492 def test_ap_wpa2_bridge_fdb(dev
, apdev
):
493 """Bridge FDB entry removal"""
496 ssid
= "test-wpa2-psk"
497 passphrase
= "12345678"
498 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
499 params
['bridge'] = 'ap-br0'
500 hapd
= hostapd
.add_ap(apdev
[0], params
)
501 hapd
.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
502 hapd
.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
503 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
504 bssid
=apdev
[0]['bssid'])
505 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412",
506 bssid
=apdev
[0]['bssid'])
507 addr0
= dev
[0].p2p_interface_addr()
508 hwsim_utils
.test_connectivity_sta(dev
[0], dev
[1])
509 err
, macs1
= hapd
.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
510 hapd
.cmd_execute(['brctl', 'setageing', 'ap-br0', '1'])
511 dev
[0].request("DISCONNECT")
512 dev
[1].request("DISCONNECT")
514 err
, macs2
= hapd
.cmd_execute(['brctl', 'showmacs', 'ap-br0'])
516 addr1
= dev
[1].p2p_interface_addr()
517 if addr0
not in macs1
or addr1
not in macs1
:
518 raise Exception("Bridge FDB entry missing")
519 if addr0
in macs2
or addr1
in macs2
:
520 raise Exception("Bridge FDB entry was not removed")
522 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
524 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', 'ap-br0'])
527 def test_ap_wpa2_already_in_bridge(dev
, apdev
):
528 """hostapd behavior with interface already in bridge"""
529 ifname
= apdev
[0]['ifname']
530 br_ifname
= 'ext-ap-br0'
532 ssid
= "test-wpa2-psk"
533 passphrase
= "12345678"
534 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
535 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
536 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
538 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', '__ap'])
539 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
540 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
541 hapd
= hostapd
.add_ap(apdev
[0], params
)
542 if hapd
.get_driver_status_field('brname') != br_ifname
:
543 raise Exception("Bridge name not identified correctly")
544 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
546 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
548 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
])
549 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', 'station'])
550 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
553 def test_ap_wpa2_in_different_bridge(dev
, apdev
):
554 """hostapd behavior with interface in different bridge"""
555 ifname
= apdev
[0]['ifname']
556 br_ifname
= 'ext-ap-br0'
558 ssid
= "test-wpa2-psk"
559 passphrase
= "12345678"
560 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
561 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
562 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
564 hostapd
.cmd_execute(apdev
[0], ['iw', ifname
, 'set', 'type', '__ap'])
565 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
567 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
568 params
['bridge'] = 'ap-br0'
569 hapd
= hostapd
.add_ap(apdev
[0], params
)
570 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', 'ap-br0', '0'])
571 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
573 brname
= hapd
.get_driver_status_field('brname')
574 if brname
!= 'ap-br0':
575 raise Exception("Incorrect bridge: " + brname
)
576 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
577 hwsim_utils
.test_connectivity_iface(dev
[0], hapd
, "ap-br0")
578 if hapd
.get_driver_status_field("added_bridge") != "1":
579 raise Exception("Unexpected added_bridge value")
580 if hapd
.get_driver_status_field("added_if_into_bridge") != "1":
581 raise Exception("Unexpected added_if_into_bridge value")
582 dev
[0].request("DISCONNECT")
585 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
587 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
,
588 "2>", "/dev/null"], shell
=True)
589 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
592 def test_ap_wpa2_ext_add_to_bridge(dev
, apdev
):
593 """hostapd behavior with interface added to bridge externally"""
594 ifname
= apdev
[0]['ifname']
595 br_ifname
= 'ext-ap-br0'
597 ssid
= "test-wpa2-psk"
598 passphrase
= "12345678"
599 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
600 hapd
= hostapd
.add_ap(apdev
[0], params
)
602 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addbr', br_ifname
])
603 hostapd
.cmd_execute(apdev
[0], ['brctl', 'setfd', br_ifname
, '0'])
604 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
606 hostapd
.cmd_execute(apdev
[0], ['brctl', 'addif', br_ifname
, ifname
])
607 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
608 if hapd
.get_driver_status_field('brname') != br_ifname
:
609 raise Exception("Bridge name not identified correctly")
611 hostapd
.cmd_execute(apdev
[0], ['ip', 'link', 'set', 'dev', br_ifname
,
613 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delif', br_ifname
, ifname
])
614 hostapd
.cmd_execute(apdev
[0], ['brctl', 'delbr', br_ifname
])
616 def test_ap_wpa2_psk_ext(dev
, apdev
):
617 """WPA2-PSK AP using external EAPOL I/O"""
618 bssid
= apdev
[0]['bssid']
619 ssid
= "test-wpa2-psk"
620 passphrase
= 'qwertyuiop'
621 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
622 params
= hostapd
.wpa2_params(ssid
=ssid
)
623 params
['wpa_psk'] = psk
624 hapd
= hostapd
.add_ap(apdev
[0], params
)
625 hapd
.request("SET ext_eapol_frame_io 1")
626 dev
[0].request("SET ext_eapol_frame_io 1")
627 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
628 addr
= dev
[0].p2p_interface_addr()
630 ev
= hapd
.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout
=15)
632 raise Exception("Timeout on EAPOL-TX from hostapd")
633 if "AP-STA-CONNECTED" in ev
:
634 dev
[0].wait_connected(timeout
=15)
636 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
638 raise Exception("EAPOL_RX to wpa_supplicant failed")
639 ev
= dev
[0].wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout
=15)
641 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
642 if "CTRL-EVENT-CONNECTED" in ev
:
644 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
646 raise Exception("EAPOL_RX to hostapd failed")
648 def test_ap_wpa2_psk_ext_retry_msg_3(dev
, apdev
):
649 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
650 bssid
= apdev
[0]['bssid']
651 ssid
= "test-wpa2-psk"
652 passphrase
= 'qwertyuiop'
653 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
654 params
= hostapd
.wpa2_params(ssid
=ssid
)
655 params
['wpa_psk'] = psk
656 hapd
= hostapd
.add_ap(apdev
[0], params
)
657 hapd
.request("SET ext_eapol_frame_io 1")
658 dev
[0].request("SET ext_eapol_frame_io 1")
659 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
660 addr
= dev
[0].p2p_interface_addr()
663 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
665 raise Exception("Timeout on EAPOL-TX from hostapd")
666 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
668 raise Exception("EAPOL_RX to wpa_supplicant failed")
671 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
673 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
674 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
676 raise Exception("EAPOL_RX to hostapd failed")
679 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
681 raise Exception("Timeout on EAPOL-TX from hostapd")
682 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
684 raise Exception("EAPOL_RX to wpa_supplicant failed")
687 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
689 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
690 # Do not send to the AP
691 dev
[0].wait_connected(timeout
=15)
693 # EAPOL-Key msg 3/4 (retry)
694 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
696 raise Exception("Timeout on EAPOL-TX from hostapd")
697 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
699 raise Exception("EAPOL_RX to wpa_supplicant failed")
702 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
704 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
705 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
707 raise Exception("EAPOL_RX to hostapd failed")
709 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
711 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
713 hwsim_utils
.test_connectivity(dev
[0], hapd
)
715 def test_ap_wpa2_psk_ext_retry_msg_3b(dev
, apdev
):
716 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)"""
717 bssid
= apdev
[0]['bssid']
718 ssid
= "test-wpa2-psk"
719 passphrase
= 'qwertyuiop'
720 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
721 params
= hostapd
.wpa2_params(ssid
=ssid
)
722 params
['wpa_psk'] = psk
723 hapd
= hostapd
.add_ap(apdev
[0], params
)
724 hapd
.request("SET ext_eapol_frame_io 1")
725 dev
[0].request("SET ext_eapol_frame_io 1")
726 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
727 addr
= dev
[0].p2p_interface_addr()
730 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
732 raise Exception("Timeout on EAPOL-TX from hostapd")
733 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
735 raise Exception("EAPOL_RX to wpa_supplicant failed")
738 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
740 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
741 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
743 raise Exception("EAPOL_RX to hostapd failed")
746 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
748 raise Exception("Timeout on EAPOL-TX from hostapd")
749 # Do not send the first msg 3/4 to the STA yet; wait for retransmission
753 # EAPOL-Key msg 3/4 (retry)
754 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
756 raise Exception("Timeout on EAPOL-TX from hostapd")
759 # Send the first msg 3/4 to STA
760 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3_1
.split(' ')[2])
762 raise Exception("EAPOL_RX to wpa_supplicant failed")
765 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
767 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
768 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
770 raise Exception("EAPOL_RX to hostapd failed")
771 dev
[0].wait_connected(timeout
=15)
772 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
774 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
776 hwsim_utils
.test_connectivity(dev
[0], hapd
)
778 # Send the second msg 3/4 to STA
779 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3_2
.split(' ')[2])
781 raise Exception("EAPOL_RX to wpa_supplicant failed")
783 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
785 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
786 # Do not send the second msg 4/4 to the AP
788 hwsim_utils
.test_connectivity(dev
[0], hapd
)
790 def test_ap_wpa2_psk_ext_retry_msg_3c(dev
, apdev
):
791 """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)"""
792 bssid
= apdev
[0]['bssid']
793 ssid
= "test-wpa2-psk"
794 passphrase
= 'qwertyuiop'
795 psk
= '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
796 params
= hostapd
.wpa2_params(ssid
=ssid
)
797 params
['wpa_psk'] = psk
798 hapd
= hostapd
.add_ap(apdev
[0], params
)
799 hapd
.request("SET ext_eapol_frame_io 1")
800 dev
[0].request("SET ext_eapol_frame_io 1")
801 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
802 addr
= dev
[0].p2p_interface_addr()
805 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
807 raise Exception("Timeout on EAPOL-TX from hostapd")
808 msg1
= ev
.split(' ')[2]
809 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1
)
811 raise Exception("EAPOL_RX to wpa_supplicant failed")
814 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
816 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
817 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
819 raise Exception("EAPOL_RX to hostapd failed")
822 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
824 raise Exception("Timeout on EAPOL-TX from hostapd")
825 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
827 raise Exception("EAPOL_RX to wpa_supplicant failed")
830 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
832 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
833 msg4
= ev
.split(' ')[2]
834 # Do not send msg 4/4 to hostapd to trigger retry
836 # STA believes everything is ready
837 dev
[0].wait_connected()
839 # EAPOL-Key msg 3/4 (retry)
840 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
842 raise Exception("Timeout on EAPOL-TX from hostapd")
843 msg3
= ev
.split(' ')[2]
845 # Send a forged msg 1/4 to STA (update replay counter)
846 msg1b
= msg1
[0:18] + msg3
[18:34] + msg1
[34:]
847 # and replace nonce (this results in "WPA: ANonce from message 1 of
848 # 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet" when
849 # wpa_supplicant processed msg 3/4 afterwards)
850 #msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
851 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg1b
)
853 raise Exception("EAPOL_RX to wpa_supplicant failed")
855 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=1)
857 # wpa_supplicant seems to have ignored the forged message. This means
858 # the attack would fail.
859 logger
.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
861 # Do not send msg 2/4 to hostapd
863 # Send previously received msg 3/4 to STA
864 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3
)
866 raise Exception("EAPOL_RX to wpa_supplicant failed")
869 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
871 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
872 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
874 raise Exception("EAPOL_RX to hostapd failed")
876 ev
= hapd
.wait_event(["AP-STA-CONNECTED"], timeout
=15)
878 raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
880 hwsim_utils
.test_connectivity(dev
[0], hapd
)
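def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # With external EAPOL frame I/O on both ends, every frame is reported to
    # the test as an EAPOL-TX event and only delivered when the test injects
    # it with EAPOL_RX. That lets the test withhold, replay or modify frames.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Third field of the event is the frame as a hex string
    msg1 = ev.split(' ')[2]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to hostapd to trigger retry

    # STA believes everything is ready
    dev[0].wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send a forged msg 1/4 to STA (update replay counter).
    # Offsets are hex characters: [18:34] is the 8-octet Replay Counter that
    # follows the EAPOL header, descriptor type, Key Information and Key
    # Length; it is taken from the retried msg 3/4, the rest from msg 1/4.
    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send msg 3/4 to STA
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Data must still flow after the retried/forged handshake messages
    hwsim_utils.test_connectivity(dev[0], hapd)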
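def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    # With external EAPOL frame I/O on both ends, every frame is reported to
    # the test as an EAPOL-TX event and only delivered when the test injects
    # it with EAPOL_RX. That lets the test withhold, replay or modify frames.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Third field of the event is the frame as a hex string
    msg1 = ev.split(' ')[2]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to hostapd to trigger retry

    # STA believes everything is ready
    dev[0].wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send a forged msg 1/4 to STA (update replay counter and replace ANonce).
    # Offsets are hex characters: [18:34] is the 8-octet Replay Counter and
    # [34:98] the 32-octet Key Nonce, overwritten here with 0xff octets.
    msg1b = msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4 (a reply is required for the changed ANonce)
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # Do not send msg 2/4 to hostapd

    # Send a forged msg 1/4 to STA (back to previously used ANonce)
    msg1b = msg1[0:18] + msg3[18:34] + msg1[34:]
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg1b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")
    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # Do not send msg 2/4 to hostapd

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    msg3 = ev.split(' ')[2]

    # Send msg 3/4 to STA
    res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Data must still flow after the retried/forged handshake messages
    hwsim_utils.test_connectivity(dev[0], hapd)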
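def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange"""
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    # Short PTK lifetime so that the AP starts a rekey during the test
    params['wpa_ptk_rekey'] = '3'
    hapd = hostapd.add_ap(apdev[0], params)
    # With external EAPOL frame I/O on both ends, every frame is reported to
    # the test as an EAPOL-TX event and only delivered when the test injects
    # it with EAPOL_RX. That lets the test withhold and delay frames.
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].p2p_interface_addr()

    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    msg2 = ev.split(' ')[2]
    # Do not send this to the AP

    # EAPOL-Key msg 1/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    msg4 = ev.split(' ')[2]
    # Do not send msg 4/4 to AP

    # EAPOL-Key msg 3/4 (retry)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    msg4b = ev.split(' ')[2]
    # Do not send msg 4/4 to AP

    # Send the previous EAPOL-Key msg 4/4 to AP
    res = hapd.request("EAPOL_RX " + addr + " " + msg4)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Wait for PTK rekeying to be initialized
    # EAPOL-Key msg 1/4
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")

    # EAPOL-Key msg 2/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    res = hapd.request("EAPOL_RX " + addr + " " + msg2)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4 (actually, this ends up being retransmitted 1/4)
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    # Hex characters [10:14] are the Key Information field; 0x008a is
    # Key Ack + Pairwise + descriptor version 2, i.e. msg 1/4.
    keyinfo = ev.split(' ')[2][10:14]
    if keyinfo != "008a":
        raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)

    # EAPOL-Key msg 4/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    res = hapd.request("EAPOL_RX " + addr + " " + msg4b)
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake
    # was accepted, there would be no more EAPOL-Key frames. If the Replay
    # Counters were rejected, there would be a retransmitted msg 1/4 here.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=1)
    if ev is None:
        raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)")
    keyinfo = ev.split(' ')[2][10:14]
    if keyinfo != "008a":
        raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)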
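def parse_eapol(data):
    """Parse a raw EAPOL frame (bytes) into a dict.

    The dict always holds 'version', 'type', 'length' and 'payload' (the
    body, cut to the length announced in the header). For EAPOL-Key frames
    (type 3) 'descr_type' is added, and for descriptor types 2 and 254 the
    fixed EAPOL-Key fields are stored under 'rsn_*' keys.

    Raises Exception if the header announces more octets than data holds.

    NOTE: the EAPOL-Key fields are sliced without length checks, so a
    truncated key frame gives short field values or a struct.error, and
    'rsn_key_data' is everything after the Key Data Length field rather
    than exactly 'rsn_key_data_len' octets.
    """
    # Local is named eapol_type to avoid shadowing the builtin type()
    (version, eapol_type, length) = struct.unpack('>BBH', data[0:4])
    payload = data[4:]
    if length > len(payload):
        raise Exception("Invalid EAPOL length")
    if length < len(payload):
        # Drop trailing octets beyond the announced body length
        payload = payload[0:length]
    eapol = {}
    eapol['version'] = version
    eapol['type'] = eapol_type
    eapol['length'] = length
    eapol['payload'] = payload
    if eapol_type == 3:
        # EAPOL-Key
        (eapol['descr_type'],) = struct.unpack('B', payload[0:1])
        payload = payload[1:]
        if eapol['descr_type'] == 2 or eapol['descr_type'] == 254:
            # RSN (2) or WPA (254) EAPOL-Key descriptor
            (key_info, key_len) = struct.unpack('>HH', payload[0:4])
            eapol['rsn_key_info'] = key_info
            eapol['rsn_key_len'] = key_len
            eapol['rsn_replay_counter'] = payload[4:12]
            eapol['rsn_key_nonce'] = payload[12:44]
            eapol['rsn_key_iv'] = payload[44:60]
            eapol['rsn_key_rsc'] = payload[60:68]
            eapol['rsn_key_id'] = payload[68:76]
            eapol['rsn_key_mic'] = payload[76:92]
            payload = payload[92:]
            (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[0:2])
            payload = payload[2:]
            eapol['rsn_key_data'] = payload
    return eapol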
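def build_eapol(msg):
    """Serialize a frame dict (as produced by parse_eapol) back to bytes.

    EAPOL-Key frames (type 3) are rebuilt from 'descr_type' and the
    'rsn_*' fields; any other type is the header followed by 'payload'.

    The header length is written exactly as given in msg['length'] and is
    not recomputed from the contents, so callers can deliberately emit
    frames whose announced length disagrees with the actual body.
    """
    data = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
    if msg['type'] == 3:
        data += struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
                            msg['rsn_key_len'])
        data += msg['rsn_replay_counter']
        data += msg['rsn_key_nonce']
        data += msg['rsn_key_iv']
        data += msg['rsn_key_rsc']
        data += msg['rsn_key_id']
        data += msg['rsn_key_mic']
        data += struct.pack('>H', msg['rsn_key_data_len'])
        data += msg['rsn_key_data']
    else:
        data += msg['payload']
    return data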
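def sha1_prf(key, label, data, outlen):
    """Return outlen octets of HMAC-SHA1 based PRF output.

    Each block is HMAC-SHA1(key, label || 0x00 || data || counter) with a
    one-octet counter starting at 0; blocks are concatenated and the last
    one is truncated to reach outlen. label is a str, key and data are
    bytes. The counter is packed into one octet, so at most 256 blocks can
    be produced.
    """
    res = b''
    counter = 0
    while outlen > 0:
        m = hmac.new(key, label.encode(), hashlib.sha1)
        m.update(struct.pack('B', 0))
        m.update(data)
        m.update(struct.pack('B', counter))
        counter += 1
        # Named digest rather than hash to avoid shadowing the builtin
        digest = m.digest()
        if outlen > len(digest):
            res += digest
            outlen -= len(digest)
        else:
            res += digest[0:outlen]
            outlen = 0
    return res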
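def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
    """Derive the pairwise transient key material from a PMK.

    addr1/addr2 are MAC addresses as colon-separated hex strings and
    nonce1/nonce2 are the two handshake nonces as bytes; the order of each
    pair does not matter because both are sorted before use. Returns
    (ptk, kck, kek) where ptk is 48 octets of sha1_prf() output, kck its
    first 16 octets (used for the EAPOL-Key MIC) and kek the next 16.
    """
    # Compare the decoded octets rather than the text form so that the
    # ordering does not depend on the letter case used in the strings.
    mac1 = binascii.unhexlify(addr1.replace(':', ''))
    mac2 = binascii.unhexlify(addr2.replace(':', ''))
    if mac1 < mac2:
        data = mac1 + mac2
    else:
        data = mac2 + mac1
    if nonce1 < nonce2:
        data += nonce1 + nonce2
    else:
        data += nonce2 + nonce1
    label = "Pairwise key expansion"
    ptk = sha1_prf(pmk, label, data, 48)
    kck = ptk[0:16]
    kek = ptk[16:32]
    return (ptk, kck, kek)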
def eapol_key_mic(kck, msg):
    """Compute the EAPOL-Key MIC for msg and store it in msg['rsn_key_mic'].

    The MIC is the first 16 octets of HMAC-SHA1 over the serialized frame
    with the MIC field zeroed. msg is modified in place; nothing is
    returned. HMAC-SHA1 is used whatever descriptor version the Key
    Information field of msg announces.
    """
    # The MIC field itself has to be all zeros while the MIC is calculated
    msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
    frame = build_eapol(msg)
    full_mac = hmac.new(kck, frame, hashlib.sha1).digest()
    msg['rsn_key_mic'] = full_mac[:16]
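def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
    """Fill in the variable EAPOL-Key fields of msg in place.

    Sets Key Information, Key Length, Key Nonce and Key Data, and updates
    msg['length'] to 95 octets of fixed EAPOL-Key body plus the Key Data.
    A false nonce (None or empty) becomes 32 zero octets and a false data
    value becomes empty Key Data. Other fields, including the Replay
    Counter and the MIC, are left untouched, so the MIC has to be
    recomputed afterwards when a valid one is needed.
    """
    msg['rsn_key_info'] = key_info
    msg['rsn_key_len'] = key_len
    if nonce:
        msg['rsn_key_nonce'] = nonce
    else:
        msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000')
    if data:
        msg['rsn_key_data_len'] = len(data)
        msg['rsn_key_data'] = data
        msg['length'] = 95 + len(data)
    else:
        msg['rsn_key_data_len'] = 0
        msg['rsn_key_data'] = b''
        msg['length'] = 95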
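def recv_eapol(hapd):
    """Wait for the next EAPOL-TX event and return the parsed frame.

    hapd is any control interface object with wait_event(); callers in
    this file also pass a station interface, in which case the timeout
    message below still names hostapd. The third space-separated field of
    the event is taken as the hex-encoded frame.

    Raises Exception if no EAPOL-TX event arrives within 15 seconds.
    """
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    eapol = binascii.unhexlify(ev.split(' ')[2])
    return parse_eapol(eapol)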
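def send_eapol(hapd, addr, data):
    """Inject an EAPOL frame into hapd as if it had been received from addr.

    data is the raw frame as bytes; it is hex-encoded for the EAPOL_RX
    control interface command. An "OK" reply only shows that the command
    was accepted, not that the frame passed validation.

    Raises Exception if the reply does not contain "OK".
    """
    res = hapd.request("EAPOL_RX " + addr + " " + binascii.hexlify(data).decode())
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")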
def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
    """Turn msg into a MIC-protected EAPOL-Key reply and send it to hapd.

    msg is normally the frame just received from the AP: its Replay
    Counter is kept as is, the Key Information, Nonce and Key Data are
    replaced (Key Length is set to 0), the MIC is computed with kck and
    the result is injected as coming from addr. info only labels the log
    line. msg is modified in place.
    """
    logger.info("Send EAPOL-Key msg " + info)
    rsn_eapol_key_set(msg, key_info, key_len=0, nonce=nonce, data=data)
    # MIC last: it covers every field set above
    eapol_key_mic(kck, msg)
    frame = build_eapol(msg)
    send_eapol(hapd, addr, frame)
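def hapd_connected(hapd):
    """Require an AP-STA-CONNECTED event from hapd within 15 seconds.

    Raises Exception on timeout, i.e. when the AP did not accept the
    handshake that the test drove.
    """
    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")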
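def eapol_test(apdev, dev, wpa2=True):
    """Start an AP and a station for tests that act as the supplicant.

    Sets up a WPA2-PSK (wpa2=True) or WPA-PSK AP on apdev, enables external
    EAPOL frame I/O on both the AP and dev and starts the association
    without waiting for it to complete, so that the test can run the
    4-way handshake itself.

    Returns (bssid, ssid, hapd, snonce, pmk, addr, rsne): the AP address,
    SSID, AP control object, a fixed supplicant nonce, the PMK as bytes,
    the station address and the RSN (or WPA) element to place in msg 2/4.
    The PSK and the nonce are constants, which is fine for a test fixture
    only.
    """
    bssid = apdev['bssid']
    if wpa2:
        ssid = "test-wpa2-psk"
    else:
        ssid = "test-wpa-psk"
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    # With a raw PSK configured, the PSK is used directly as the PMK
    pmk = binascii.unhexlify(psk)
    if wpa2:
        params = hostapd.wpa2_params(ssid=ssid)
    else:
        params = hostapd.wpa_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev, params)
    hapd.request("SET ext_eapol_frame_io 1")
    dev.request("SET ext_eapol_frame_io 1")
    dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False)
    addr = dev.p2p_interface_addr()
    if wpa2:
        # RSN element: version 1, CCMP group and pairwise cipher, PSK AKM
        rsne = binascii.unhexlify('30140100000fac040100000fac040100000fac020000')
    else:
        # WPA element: version 1, TKIP group and pairwise cipher, PSK AKM
        rsne = binascii.unhexlify('dd160050f20101000050f20201000050f20201000050f202')
    snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
    return (bssid, ssid, hapd, snonce, pmk, addr, rsne)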
def test_ap_wpa2_psk_ext_eapol(dev, apdev):
    """WPA2-PSK AP using external EAPOL supplicant"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # msg 1/4 from the AP; echoing the AP's own frame back must not
    # advance the handshake
    msg1 = recv_eapol(hapd)
    anonce = msg1['rsn_key_nonce']
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg1))

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]

    # Announced EAPOL length is one octet short of the 22-octet element in
    # Key Data; no MIC is computed for this frame
    logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
    rsn_eapol_key_set(msg1, 0x0101, 0, snonce, rsne)
    msg1['length'] = 95 + 22 - 1
    send_eapol(hapd, addr, build_eapol(msg1))

    # Valid msg 2/4: Key MIC + Pairwise + descriptor version 2
    reply_eapol("2/4", hapd, addr, msg1, 0x010a, snonce, rsne, kck)

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg3))

    # Valid msg 4/4: Secure + Key MIC + Pairwise + descriptor version 2
    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
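def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    msg1 = recv_eapol(hapd)
    anonce = msg1['rsn_key_nonce']

    # No reply was sent, so the next frame is the retransmitted msg 1/4;
    # it has to carry the same ANonce as the first one
    msg2 = recv_eapol(hapd)
    if anonce != msg2['rsn_key_nonce']:
        raise Exception("ANonce changed")

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.info("Send EAPOL-Key msg 2/4")
    # Reply to the retransmission so that its Replay Counter is echoed
    msg = msg2
    rsn_eapol_key_set(msg, 0x010a, 0, snonce, rsne)
    eapol_key_mic(kck, msg)
    send_eapol(hapd, addr, build_eapol(msg))

    # msg 3/4
    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)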
def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # First msg 1/4 and, since nothing is sent back, its retransmission
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    # Answer both copies of msg 1/4, oldest first, with the same SNonce
    for tag, frame in (("2/4 (a)", first), ("2/4 (b)", retry)):
        reply_eapol(tag, hapd, addr, frame, 0x010a, snonce, rsne, kck)

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # First msg 1/4 and, since nothing is sent back, its retransmission
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']

    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    # Second msg 2/4 uses a different SNonce; from here on the keys derived
    # from that newer SNonce are the ones used
    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    kck = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)[1]
    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck)

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # First msg 1/4 and, since nothing is sent back, its retransmission
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    # Second msg 2/4 is protected with keys from a different SNonce ...
    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    kck2 = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)[1]

    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck2)
    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    # ... but msg 4/4 goes back to the key derived from the older SNonce
    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
    """WPA2 4-way handshake using external EAPOL supplicant"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]

    # msg 2/4 is sent twice with a valid MIC: first with descriptor type
    # 253 (incorrect, frame dropped), then with 254 (incorrect for this AP,
    # but accepted through a workaround, frame processed)
    for descr_type in (253, 254):
        frame['descr_type'] = descr_type
        rsn_eapol_key_set(frame, 0x010a, 0, snonce, rsne)
        eapol_key_mic(kck, frame)
        send_eapol(hapd, addr, build_eapol(frame))

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg3))

    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
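def test_ap_wpa_psk_ext_eapol(dev, apdev):
    """WPA-PSK AP using external EAPOL supplicant"""
    (bssid, ssid, hapd, snonce, pmk, addr, wpae) = eapol_test(apdev[0], dev[0],
                                                              wpa2=False)

    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))
    # 98 octets is one short of the 4-octet EAPOL header plus the 95-octet
    # fixed EAPOL-Key body
    logger.info("Too short data")
    send_eapol(hapd, addr, build_eapol(msg)[0:98])

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    # Descriptor type 2 does not match this WPA (not WPA2) association; the
    # frame has a valid MIC but the wrong type
    msg['descr_type'] = 2
    reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
    # Descriptor type 254 is the one used with WPA
    msg['descr_type'] = 254
    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)

    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)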
def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
    """WPA2-PSK 4-way handshake with strange key info values"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    kck = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)[1]
    # Frames without a recomputed MIC: all bits clear, all bits set, SMK
    # Message + Request (0x2802), SMK Message (0x2002) and Request + Key MIC
    # (0x0902), each with descriptor version 2 in the low bits where set
    for key_info in (0x0000, 0xffff, 0x2802, 0x2002, 0x0902):
        rsn_eapol_key_set(frame, key_info, 0, snonce, rsne)
        send_eapol(hapd, addr, build_eapol(frame))

    # Request with a MIC computed from an all-zero key instead of the KCK
    rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
    tmp_kck = binascii.unhexlify('00000000000000000000000000000000')
    eapol_key_mic(tmp_kck, frame)
    send_eapol(hapd, addr, build_eapol(frame))

    # The handshake must still proceed with a proper msg 2/4
    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, rsne, kck)

    msg3 = recv_eapol(hapd)
    if msg3['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    # Request with a valid MIC, sent twice: the second copy repeats the
    # Replay Counter of the first
    for _ in range(2):
        rsn_eapol_key_set(msg3, 0x0902, 0, snonce, rsne)
        eapol_key_mic(kck, msg3)
        send_eapol(hapd, addr, build_eapol(msg3))

    reply_eapol("4/4", hapd, addr, msg3, 0x030a, None, None, kck)
    hapd_connected(hapd)
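def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16):
    """Return a frame dict for an EAPOL-Key msg 1/4 as an AP would send it.

    anonce is the 32-octet authenticator nonce, replay_counter an integer
    packed as a big-endian 64-bit value, key_data optional Key Data octets
    and key_len the value of the Key Length field. Key Information is
    0x008a (Key Ack + Pairwise + descriptor version 2) and the MIC is all
    zeros, since msg 1/4 carries no MIC. The dict is in the form expected
    by build_eapol().
    """
    msg = {}
    msg['version'] = 2
    msg['type'] = 3  # EAPOL-Key
    msg['length'] = 95 + len(key_data)

    msg['descr_type'] = 2
    msg['rsn_key_info'] = 0x8a
    msg['rsn_key_len'] = key_len
    msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
    msg['rsn_key_nonce'] = anonce
    msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
    msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_mic'] = binascii.unhexlify('00000000000000000000000000000000')
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    return msg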
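def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
                        key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
    """Return a frame dict for an EAPOL-Key msg 3/4 with its MIC filled in.

    anonce is the 32-octet authenticator nonce, kck the key used for the
    MIC and key_data the Key Data octets, placed in the frame as given.
    The default key_info 0x13ca is Encrypted Key Data + Secure + Key MIC +
    Key Ack + Install + Pairwise + descriptor version 2. extra_len is added
    to the announced EAPOL length without adding any octets, so a non-zero
    value produces a frame whose header length does not match its body;
    descr_type and key_len override the corresponding fields. The MIC is
    computed last, over the fields exactly as set here.
    """
    msg = {}
    msg['version'] = 2
    msg['type'] = 3  # EAPOL-Key
    msg['length'] = 95 + len(key_data) + extra_len

    msg['descr_type'] = descr_type
    msg['rsn_key_info'] = key_info
    msg['rsn_key_len'] = key_len
    msg['rsn_replay_counter'] = struct.pack('>Q', replay_counter)
    msg['rsn_key_nonce'] = anonce
    msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000')
    msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_id'] = binascii.unhexlify('0000000000000000')
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    eapol_key_mic(kck, msg)
    return msg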
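def aes_wrap(kek, plain):
    """Wrap plain with kek using the AES Key Wrap algorithm (RFC 3394).

    plain is processed as 64-bit blocks and the result is 8 octets longer
    than the wrapped input. Octets beyond the last full 8-octet block are
    ignored, so the caller has to pad the input to a multiple of 8 first.
    """
    n = len(plain) // 8
    a = 0xa6a6a6a6a6a6a6a6
    # Key wrap is defined on the raw AES block operation, i.e. single-block
    # ECB. The mode is passed explicitly because not every Crypto
    # implementation has a default mode for AES.new().
    enc = AES.new(kek, AES.MODE_ECB).encrypt
    r = [plain[i * 8:(i + 1) * 8] for i in range(0, n)]
    for j in range(6):
        for i in range(1, n + 1):
            b = enc(struct.pack('>Q', a) + r[i - 1])
            # XOR the step counter into the integrity register
            a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
            r[i - 1] = b[8:]
    return struct.pack('>Q', a) + b''.join(r)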
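def pad_key_data(plain):
    """Pad Key Data to a multiple of 8 octets for AES key wrap.

    Input that is already a multiple of 8 octets long (including empty
    input) is returned unchanged; otherwise a single 0xdd octet followed by
    as many zero octets as needed is appended. Returns the padded bytes.
    """
    pad_len = len(plain) % 8
    if pad_len:
        pad_len = 8 - pad_len
        # Padding is 0xdd followed by zeros
        plain += b'\xdd'
        pad_len -= 1
        plain += pad_len * b'\x00'
    return plain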
1647 def test_ap_wpa2_psk_supp_proto(dev
, apdev
):
1648 """WPA2-PSK 4-way handshake protocol testing for supplicant"""
1649 (bssid
, ssid
, hapd
, snonce
, pmk
, addr
, rsne
) = eapol_test(apdev
[0], dev
[0])
1651 # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
1652 msg
= recv_eapol(hapd
)
1653 dev
[0].dump_monitor()
1655 # Build own EAPOL-Key msg 1/4
1656 anonce
= binascii
.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
1658 msg
= build_eapol_key_1_4(anonce
, replay_counter
=counter
)
1660 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1661 msg
= recv_eapol(dev
[0])
1662 snonce
= msg
['rsn_key_nonce']
1664 (ptk
, kck
, kek
) = pmk_to_ptk(pmk
, addr
, bssid
, snonce
, anonce
)
1666 logger
.debug("Invalid AES wrap data length 0")
1667 dev
[0].dump_monitor()
1668 msg
= build_eapol_key_3_4(anonce
, kck
, b
'', replay_counter
=counter
)
1670 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1671 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 0"])
1673 raise Exception("Unsupported AES-WRAP len 0 not reported")
1675 logger
.debug("Invalid AES wrap data length 1")
1676 dev
[0].dump_monitor()
1677 msg
= build_eapol_key_3_4(anonce
, kck
, b
'1', replay_counter
=counter
)
1679 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1680 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 1"])
1682 raise Exception("Unsupported AES-WRAP len 1 not reported")
1684 logger
.debug("Invalid AES wrap data length 9")
1685 dev
[0].dump_monitor()
1686 msg
= build_eapol_key_3_4(anonce
, kck
, b
'123456789', replay_counter
=counter
)
1688 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1689 ev
= dev
[0].wait_event(["WPA: Unsupported AES-WRAP len 9"])
1691 raise Exception("Unsupported AES-WRAP len 9 not reported")
1693 logger
.debug("Invalid AES wrap data payload")
1694 dev
[0].dump_monitor()
1695 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
)
1696 # do not increment counter to test replay protection
1697 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1698 ev
= dev
[0].wait_event(["WPA: AES unwrap failed"])
1700 raise Exception("AES unwrap failure not reported")
1702 logger
.debug("Replay Count not increasing")
1703 dev
[0].dump_monitor()
1704 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
)
1706 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1707 ev
= dev
[0].wait_event(["WPA: EAPOL-Key Replay Counter did not increase"])
1709 raise Exception("Replay Counter replay not reported")
1711 logger
.debug("Missing Ack bit in key info")
1712 dev
[0].dump_monitor()
1713 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1716 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1717 ev
= dev
[0].wait_event(["WPA: No Ack bit in key_info"])
1719 raise Exception("Missing Ack bit not reported")
1721 logger
.debug("Unexpected Request bit in key info")
1722 dev
[0].dump_monitor()
1723 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1726 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1727 ev
= dev
[0].wait_event(["WPA: EAPOL-Key with Request bit"])
1729 raise Exception("Request bit not reported")
1731 logger
.debug("Unsupported key descriptor version 0")
1732 dev
[0].dump_monitor()
1733 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1734 replay_counter
=counter
, key_info
=0x13c8)
1736 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1737 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 0"])
1739 raise Exception("Unsupported EAPOL-Key descriptor version 0 not reported")
1741 logger
.debug("Key descriptor version 1 not allowed with CCMP")
1742 dev
[0].dump_monitor()
1743 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1744 replay_counter
=counter
, key_info
=0x13c9)
1746 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1747 ev
= dev
[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2"])
1749 raise Exception("Not allowed EAPOL-Key descriptor version not reported")
1751 logger
.debug("Invalid AES wrap payload with key descriptor version 2")
1752 dev
[0].dump_monitor()
1753 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1754 replay_counter
=counter
, key_info
=0x13ca)
1756 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1757 ev
= dev
[0].wait_event(["WPA: AES unwrap failed"])
1759 raise Exception("AES unwrap failure not reported")
1761 logger
.debug("Key descriptor version 3 workaround")
1762 dev
[0].dump_monitor()
1763 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1764 replay_counter
=counter
, key_info
=0x13cb)
1766 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1767 ev
= dev
[0].wait_event(["WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2"])
1769 raise Exception("CCMP key descriptor mismatch not reported")
1770 ev
= dev
[0].wait_event(["WPA: Interoperability workaround"])
1772 raise Exception("AES-128-CMAC workaround not reported")
1773 ev
= dev
[0].wait_event(["WPA: Invalid EAPOL-Key MIC - dropping packet"])
1775 raise Exception("MIC failure with AES-128-CMAC workaround not reported")
1777 logger
.debug("Unsupported key descriptor version 4")
1778 dev
[0].dump_monitor()
1779 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1780 replay_counter
=counter
, key_info
=0x13cc)
1782 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1783 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 4"])
1785 raise Exception("Unsupported EAPOL-Key descriptor version 4 not reported")
1787 logger
.debug("Unsupported key descriptor version 7")
1788 dev
[0].dump_monitor()
1789 msg
= build_eapol_key_3_4(anonce
, kck
, b
'0123456789abcdef',
1790 replay_counter
=counter
, key_info
=0x13cf)
1792 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1793 ev
= dev
[0].wait_event(["WPA: Unsupported EAPOL-Key descriptor version 7"])
1795 raise Exception("Unsupported EAPOL-Key descriptor version 7 not reported")
1797 logger
.debug("Too short EAPOL header length")
1798 dev
[0].dump_monitor()
1799 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1802 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1803 ev
= dev
[0].wait_event(["WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)"])
1805 raise Exception("Key data overflow not reported")
1807 logger
.debug("Too long EAPOL header length")
1808 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1811 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1813 logger
.debug("Unsupported descriptor type 0")
1814 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1817 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1819 logger
.debug("WPA descriptor type 0")
1820 msg
= build_eapol_key_3_4(anonce
, kck
, b
'12345678', replay_counter
=counter
,
1823 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1825 logger
.debug("Non-zero key index for pairwise key")
1826 dev
[0].dump_monitor()
1827 wrapped
= aes_wrap(kek
, 16*b
'z')
1828 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
,
1831 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1832 ev
= dev
[0].wait_event(["WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index"])
1834 raise Exception("Non-zero key index not reported")
1836 logger
.debug("Invalid Key Data plaintext payload --> disconnect")
1837 dev
[0].dump_monitor()
1838 wrapped
= aes_wrap(kek
, 16*b
'z')
1839 msg
= build_eapol_key_3_4(anonce
, kck
, wrapped
, replay_counter
=counter
)
1841 send_eapol(dev
[0], bssid
, build_eapol(msg
))
1842 dev
[0].wait_disconnected(timeout
=1)
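def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE not included"""
    # The test plays the authenticator: it injects its own EAPOL-Key msg 1/4
    # and msg 3/4 and checks that the supplicant refuses a msg 3/4 whose Key
    # Data carries no RSN element.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter setup and increments are restored from how
    # `counter` is used - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    # Derive the same pairwise keys as the supplicant so that msg 3/4 gets a
    # MIC (KCK) and key wrapping (KEK) the supplicant accepts.
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("No IEs in msg 3/4 --> disconnect")
    dev[0].dump_monitor()
    # 16 zero octets: correctly wrapped Key Data that holds no RSNE and no KDE
    wrapped = aes_wrap(kek, 16*b'\x00')
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)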
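def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE mismatch"""
    # Checks that the supplicant disconnects when the RSN element carried in
    # msg 3/4 is not the one it expects for this AP (presumably the RSNE seen
    # in Beacon/Probe Response - this comparison is what protects the
    # negotiated security parameters against tampering).
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter setup and increments are restored from how
    # `counter` is used - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Msg 3/4 with mismatching IE")
    dev[0].dump_monitor()
    # Key Data: a 6-octet RSNE (version + group cipher only) followed by a
    # GTK KDE; the shortened RSNE is the mismatch under test.
    plain = binascii.unhexlify('30060100000fac04dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)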
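def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
    """WPA2-PSK supplicant protocol testing: success"""
    # Baseline for the negative tests in this file: a well-formed msg 3/4
    # built by the test itself must complete the connection.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter setup and increments are restored from how
    # `counter` is used - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    # Key Data: RSNE (CCMP group and pairwise cipher, PSK AKM) followed by a
    # GTK KDE holding a 16-octet key
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_connected(timeout=1)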
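def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
    """WPA2-PSK supplicant protocol testing: no GTK"""
    # A msg 3/4 without a GTK KDE must not lead to a completed connection.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter handling and the guard before the final
    # raise are restored from the surrounding code - confirm against the
    # repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
    dev[0].dump_monitor()
    # Key Data holds only the RSNE
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    # Negative check: the connection event must NOT show up
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
    if ev is not None:
        raise Exception("Unexpected connection completion reported")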
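def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
    """WPA2-PSK supplicant protocol testing: ANonce change"""
    # msg 3/4 must repeat the ANonce of msg 1/4; the supplicant is expected
    # to report a frame that carries a different one.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter handling and the guard before the final
    # raise are restored from the surrounding code - confirm against the
    # repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    # Keys are still derived from the ORIGINAL ANonce, so the frame below is
    # valid apart from the nonce field itself.
    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    anonce2 = binascii.unhexlify('33' * 32)
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce2, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
    if ev is None:
        raise Exception("ANonce change not reported")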
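def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: unexpected group message"""
    # A group key handshake message that arrives before the 4-way handshake
    # has completed must be reported and lead to disconnection.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter handling and the guard before the raise
    # are restored from the surrounding code - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Group key 1/2 instead of msg 3/4")
    dev[0].dump_monitor()
    wrapped = aes_wrap(kek, binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618'))
    # NOTE(review): the listing drops the continuation line of the next call,
    # so its remaining keyword argument(s) are missing here - presumably the
    # Key Information value that marks the frame as a group key message.
    # Restore it from the repository before relying on this test.
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
    if ev is None:
        raise Exception("Unexpected group key message not reported")
    dev[0].wait_disconnected(timeout=1)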
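def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
    # msg 1/4 is not yet protected by a MIC, so its Key Data is parsed before
    # any key exists; malformed Key Data there must end in disconnection.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter setup and increment are restored from how
    # `counter` is used - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with invalid KDE
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    # Key Data 0x55 0x55: element id 0x55 announcing 0x55 octets that are not
    # present in the frame
    msg = build_eapol_key_1_4(anonce, replay_counter=counter,
                              key_data=binascii.unhexlify('5555'))
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)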
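def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
    # The supplicant must reject a msg 3/4 that announces a pairwise key
    # length which does not fit CCMP, and disconnect.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter handling and the guard before the raise
    # are restored from the surrounding code - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    # NOTE(review): the listing drops the continuation line of the next call,
    # so its remaining keyword argument(s) are missing here. The event
    # expected below implies the frame announces a 15-octet pairwise key
    # length. Restore the argument from the repository before relying on
    # this test.
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Invalid CCMP key length 15"])
    if ev is None:
        raise Exception("Invalid CCMP key length not reported")
    dev[0].wait_disconnected(timeout=1)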
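def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong group key length"""
    # A GTK KDE whose key is one octet short for CCMP must be rejected and
    # lead to disconnection.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter handling and the guard before the raise
    # are restored from the surrounding code - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    # RSNE followed by a GTK KDE of length 0x15, i.e. a 15-octet GTK
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd15000fac010100dc11188831bf4aa4a8678d2b414986')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
    if ev is None:
        raise Exception("Invalid CCMP key length not reported")
    dev[0].wait_disconnected(timeout=1)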
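def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
    # The GTK KDE sets the Tx bit although pairwise keys are in use; the
    # supplicant is expected to log that it ignores the bit and still connect.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter handling and the guard before the raise
    # are restored from the surrounding code - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    # GTK KDE flags octet 0x05: key index 1 with the Tx bit set
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010500dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
    if ev is None:
        raise Exception("GTK Tx bit workaround not reported")
    dev[0].wait_connected(timeout=1)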
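def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
    # Three steps: connect with a GTK at key index 0, rekey the group key to
    # index 3, then check that a GTK KDE sent in unencrypted Key Data is
    # rejected and ends in disconnection.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter handling and the guards before the raises
    # are restored from the surrounding code - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_connected(timeout=1)

    logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    # NOTE(review): the listing drops the continuation line of the next call,
    # so its remaining keyword argument(s) are missing here - presumably the
    # Key Information value for a group key message. Restore it from the
    # repository before relying on this step.
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    ev = dev[0].wait_event(["WPA: Group rekeying completed"])
    if ev is None:
        raise Exception("GTK rekeing not reported")

    logger.debug("Unencrypted GTK KDE in group msg 1/2")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
    # The KDE is passed without aes_wrap() on purpose.
    # NOTE(review): the continuation line of this call is missing from the
    # listing as well - presumably a Key Information value without the
    # Encrypted Key Data bit. Restore it from the repository.
    msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
    if ev is None:
        raise Exception("Unencrypted GTK KDE not reported")
    dev[0].wait_disconnected(timeout=1)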
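def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
    # After a normal connection, a group key message without any GTK KDE must
    # be reported and lead to disconnection.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter handling and the guard before the raise
    # are restored from the surrounding code - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_connected(timeout=1)

    logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
    dev[0].dump_monitor()
    # Eight empty vendor-specific elements (dd 00): parseable Key Data that
    # contains no GTK
    plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    # NOTE(review): the listing drops the continuation line of the next call,
    # so its remaining keyword argument(s) are missing here - presumably the
    # Key Information value for a group key message. Restore it from the
    # repository before relying on this test.
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: No GTK IE in Group Key msg 1/2"])
    if ev is None:
        raise Exception("Missing GTK KDE not reported")
    dev[0].wait_disconnected(timeout=1)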
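def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
    # After a normal connection, a group key message whose GTK KDE carries a
    # 33-octet key must be rejected (length check on attacker-controllable
    # key material) and lead to disconnection.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter handling and the guard before the raise
    # are restored from the surrounding code - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010000dc11188831bf4aa4a8678d2b41498618')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_connected(timeout=1)

    logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
    dev[0].dump_monitor()
    # GTK KDE of length 0x27 whose key field is filled with 0xff octets
    plain = binascii.unhexlify('dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    # NOTE(review): the listing drops the continuation line of the next call,
    # so its remaining keyword argument(s) are missing here - presumably the
    # Key Information value for a group key message. Restore it from the
    # repository before relying on this test.
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"])
    if ev is None:
        raise Exception("Too long GTK KDE not reported")
    dev[0].wait_disconnected(timeout=1)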
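def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
    # A msg 3/4 whose GTK KDE carries an over-long key must end in
    # disconnection instead of the key being installed.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter setup and increments are restored from how
    # `counter` is used - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # The original debug text said "too short"; the KDE below (length 0x27)
    # is the too-long case named by this test.
    logger.debug("EAPOL-Key msg 3/4 with too long GTK KDE")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd27000fac010100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    wrapped = aes_wrap(kek, pad_key_data(plain))
    msg = build_eapol_key_3_4(anonce, kck, wrapped, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    dev[0].wait_disconnected(timeout=1)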
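def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
    # The group key must only be accepted from encrypted Key Data; a msg 3/4
    # that carries the GTK KDE in the clear has to be reported and lead to
    # disconnection.
    # NOTE(review): this listing drops some source lines (gaps in its line
    # numbers); the replay-counter handling and the guard before the raise
    # are restored from the surrounding code - confirm against the repository.
    (bssid, ssid, hapd, snonce, pmk, addr, rsne) = eapol_test(apdev[0], dev[0])

    # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated
    msg = recv_eapol(hapd)
    dev[0].dump_monitor()

    # Build own EAPOL-Key msg 1/4 with a fixed, known ANonce
    anonce = binascii.unhexlify('22' * 32)
    counter = 1
    msg = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    msg = recv_eapol(dev[0])
    snonce = msg['rsn_key_nonce']

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    dev[0].dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    # The Key Data is passed without aes_wrap() on purpose.
    # NOTE(review): the listing drops the continuation line of the next call,
    # so its remaining keyword argument(s) are missing here - presumably a
    # Key Information value without the Encrypted Key Data bit. Restore it
    # from the repository before relying on this test.
    msg = build_eapol_key_3_4(anonce, kck, plain, replay_counter=counter)
    counter += 1
    send_eapol(dev[0], bssid, build_eapol(msg))
    ev = dev[0].wait_event(["WPA: GTK IE in unencrypted key data"])
    if ev is None:
        raise Exception("Unencrypted GTK KDE not reported")
    dev[0].wait_disconnected(timeout=1)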
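def find_wpas_process(dev):
    """Return the PID of the wpa_supplicant process that serves *dev*.

    Runs ``ps ax`` through ``dev.cmd_execute`` and returns the first column
    of the first line that mentions both ``wpa_supplicant`` and
    ``-i<ifname>``. Raises Exception when no line matches.
    """
    # NOTE(review): the listing drops the line that assigns `ifname` and the
    # loop's `continue` statements; they are restored from how the names are
    # used - confirm `dev.ifname` against the repository.
    ifname = dev.ifname
    err, data = dev.cmd_execute(['ps', 'ax'])
    # Substring match: "-i<ifname>" also matches a longer interface name that
    # merely starts with <ifname>.
    wanted = "-i" + ifname
    for line in data.splitlines():
        if "wpa_supplicant" in line and wanted in line:
            return int(line.strip().split(' ')[0])
    raise Exception("Could not find wpa_supplicant process")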
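def read_process_memory(pid, key=None):
    """Return the concatenated contents of a process's writable memory.

    Walks /proc/<pid>/maps, reads every mapping whose permissions start with
    'rw' from /proc/<pid>/mem and returns the data as one bytes object. When
    *key* is given, each mapping that contains it is logged.

    The returned buffer is a raw memory dump and can contain live key
    material; callers should not persist it.
    """
    # NOTE(review): this listing drops several source lines (gaps in its line
    # numbers). The buffer setup, the `continue` statements, the `perm`
    # assignment, the seek before each read and the return value are restored
    # from how the names are used; two dropped lines after the start-address
    # check could not be recovered - confirm against the repository.
    chunks = []
    total = 0
    logger.info("Reading process memory (pid=%d)" % pid)
    with open('/proc/%d/maps' % pid, 'r') as maps, \
         open('/proc/%d/mem' % pid, 'rb') as mem:
        for line in maps:
            m = re.match(r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])', line)
            if not m:
                continue
            start = int(m.group(1), 16)
            end = int(m.group(2), 16)
            perm = m.group(3)
            # Skip mappings that start above the 48-bit address range
            if start > 0xffffffffffff:
                continue
            # Only writable data mappings can hold run-time key material
            if not perm.startswith('rw'):
                continue
            for name in ["[heap]", "[stack]"]:
                if name in line:
                    logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, total, total + (end - start)))
            mem.seek(start)
            data = mem.read(end - start)
            chunks.append(data)
            total += len(data)
            if key and key in data:
                logger.info("Key found in " + line)
    # Join once at the end instead of growing a bytes object per mapping
    buf = b"".join(chunks)
    logger.info("Total process memory read: %d bytes" % len(buf))
    return buf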
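def verify_not_present(buf, key, fname, keyname):
    """Fail if *key* occurs anywhere in the memory dump *buf*.

    Returns None when the key is absent. Otherwise writes up to 2048 bytes
    before the match and 2048 bytes from the match onward to the file
    ``fname + keyname`` and raises Exception.

    The context file holds raw process memory including the key itself, so
    it should be handled like key material.
    """
    # NOTE(review): the listing drops the lines that locate the key and
    # return early; they are restored from how `pos` is used below - confirm
    # against the repository.
    pos = buf.find(key)
    if pos < 0:
        return

    prefix = min(pos, 2048)
    with open(fname + keyname, 'wb') as f:
        f.write(buf[pos - prefix:pos + 2048])
    raise Exception(keyname + " found after disassociation")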
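def get_key_locations(buf, key, keyname):
    """Log every offset at which *key* occurs in *buf* and return the count.

    For each match the offset is logged at info level and a hex dump of the
    bytes around it at debug level. The debug output contains the key in
    hex, so debug logs from this helper are sensitive.
    """
    # NOTE(review): this listing drops several source lines (gaps in its line
    # numbers). The loop, the counter and the return value are restored from
    # how the names are used; the context size is not visible on the page and
    # 128 is assumed here - confirm against the repository.
    context = 128
    count = 0
    pos = buf.find(key)
    while pos >= 0:
        logger.info("Found %s at %d" % (keyname, pos))
        start = pos - context if pos > context else 0
        before = binascii.hexlify(buf[start:pos])
        # Clamp to the end of the buffer. The listed expression fell back to
        # len(buf) - context, which can lie before the end of the key and
        # then cuts the trailing context off for matches near the end.
        end = min(pos + len(key) + context, len(buf))
        after = binascii.hexlify(buf[pos + len(key):end])
        logger.debug("Memory context %d-%d: %s|%s|%s" % (start, end, before, binascii.hexlify(key), after))
        count += 1
        pos = buf.find(key, pos + len(key))
    return count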
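def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
    """WPA2-PSK and PSK/PTK lifetime in memory"""
    # Key-hygiene check: dumps the writable memory of the wpa_supplicant
    # process at several points and verifies that the session keys (KCK, KEK,
    # TK, GTK) are gone after disassociation and that the PMK is gone as well
    # once the network profile has been removed.
    # NOTE(review): this listing drops many source lines (gaps in its line
    # numbers). Statements marked "restored" are reconstructed from how the
    # names are used later - confirm them against the repository.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    pmk = binascii.unhexlify(psk)
    p = hostapd.wpa2_params(ssid=ssid)
    p['wpa_psk'] = psk  # restored: the AP is configured without a passphrase
    hapd = hostapd.add_ap(apdev[0], p)

    pid = find_wpas_process(dev[0])

    netid = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
                           only_add_network=True)

    logger.info("Checking keys in memory after network profile configuration")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    dev[0].request("REMOVE_NETWORK all")
    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    netid = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                           only_add_network=True)

    logger.info("Checking keys in memory before connection")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    dev[0].connect_network(netid, timeout=20)
    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
    # event has been delivered, so verify that wpa_supplicant has returned to
    # eloop before reading process memory.
    # NOTE(review): the two statements that implement this wait are missing
    # from the listing; a control interface round trip is assumed here.
    dev[0].ping()

    buf = read_process_memory(pid, pmk)

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    # NOTE(review): one statement before the log parsing is missing from the
    # listing (line-number gap) and is not reconstructed.
    ptk = None  # restored
    gtk = None  # restored
    # The session keys are recovered from the supplicant's debug log, which
    # therefore holds key material as well.
    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
        for l in f.readlines():
            if "WPA: PTK - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                ptk = binascii.unhexlify(val)
            if "WPA: Group Key - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                gtk = binascii.unhexlify(val)
    if not pmk or not ptk or not gtk:
        raise Exception("Could not find keys from debug log")
    # restored: presumably a 16-octet GTK is expected for CCMP - confirm
    if len(gtk) != 16:
        raise Exception("Unexpected GTK length")

    # restored: presumably the PTK is laid out as KCK | KEK | TK with 16
    # octets each - confirm
    kck = ptk[0:16]
    kek = ptk[16:32]
    tk = ptk[32:48]

    logger.info("Checking keys in memory while associated")
    get_key_locations(buf, pmk, "PMK")
    # restored guards: the dump taken while associated must contain the keys,
    # otherwise the later "not present" checks would prove nothing
    if pmk not in buf:
        raise HwsimSkip("PMK not found while associated")
    if kck not in buf:
        raise Exception("KCK not found while associated")
    if kek not in buf:
        raise Exception("KEK not found while associated")
    # The TK check is disabled in the original as well:
    # raise Exception("TK found from memory")

    logger.info("Checking keys in memory after disassociation")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # Note: PMK/PSK is still present in network configuration

    # On failure verify_not_present() writes the memory around the key to
    # this prefix plus the key name; those files contain key material.
    fname = os.path.join(params['logdir'],
                         'wpa2_psk_key_lifetime_in_memory.memctx-')
    verify_not_present(buf, kck, fname, "KCK")
    verify_not_present(buf, kek, fname, "KEK")
    verify_not_present(buf, tk, fname, "TK")
    # NOTE(review): a line is missing from the listing before the next call
    # (possibly a guard) and is not reconstructed.
    get_key_locations(buf, gtk, "GTK")
    verify_not_present(buf, gtk, fname, "GTK")

    dev[0].request("REMOVE_NETWORK all")

    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    verify_not_present(buf, pmk, fname, "PMK")
    verify_not_present(buf, kck, fname, "KCK")
    verify_not_present(buf, kek, fname, "KEK")
    verify_not_present(buf, tk, fname, "TK")
    verify_not_present(buf, gtk, fname, "GTK")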
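def test_ap_wpa2_psk_wep(dev, apdev):
    """WPA2-PSK AP and WEP enabled"""
    # hostapd must refuse to add a WEP key to a BSS that runs WPA2-PSK.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    # NOTE(review): the listing drops the lines around the two statements
    # below (line-number gaps), so the original error handling is not
    # visible. This form assumes hapd.set() raises when hostapd rejects the
    # value - confirm. The failure is raised outside the try block so that
    # the handler cannot swallow it.
    try:
        hapd.set('wep_key0', '"hello"')
    except Exception:
        return
    raise Exception("WEP key accepted to WPA2 network")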
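def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    """WPA2-PSK AP and wpas interface in a bridge"""
    br_ifname = 'sta-br0'
    # NOTE(review): the listing drops the line that assigns `ifname` and the
    # lines around the helper call (line-number gaps). 'wlan5' is assumed
    # from the '/tmp/wpas-wlan5' control interface used by the helper, and
    # try/finally from the cleanup commands that follow - confirm against
    # the repository.
    ifname = 'wlan5'
    try:
        _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
    finally:
        # Best-effort teardown; subprocess.call() ignores the exit status.
        # The commands change host network state and need the matching
        # privileges.
        subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
        subprocess.call(['brctl', 'delif', br_ifname, ifname])
        subprocess.call(['brctl', 'delbr', br_ifname])
        subprocess.call(['iw', ifname, 'set', '4addr', 'off'])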
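def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    # Puts the station interface into a bridge (4addr mode) and connects to
    # a WPA2-PSK AP through a separate wpa_supplicant instance.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    br_ifname = 'sta-br0'
    # NOTE(review): the listing drops the line that assigns `ifname`;
    # 'wlan5' is assumed from the control interface path below - confirm.
    ifname = 'wlan5'
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    # Fixed argument lists, no shell: nothing here is built from input
    subprocess.call(['brctl', 'addbr', br_ifname])
    subprocess.call(['brctl', 'setfd', br_ifname, '0'])
    subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
    subprocess.call(['iw', ifname, 'set', '4addr', 'on'])
    # check_call: the test cannot proceed unless the interface joined
    subprocess.check_call(['brctl', 'addif', br_ifname, ifname])
    wpas.interface_add(ifname, br_ifname=br_ifname)
    # NOTE(review): the listing has line-number gaps before and after the
    # connect call; any statements there are not reconstructed.
    wpas.connect(ssid, psk=passphrase, scan_freq="2412")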
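def test_ap_wpa2_psk_ifdown(dev, apdev):
    """WPA2-PSK AP and external ifconfig down"""
    # The original docstring said "open mode"; the AP below is configured
    # with WPA2-PSK.
    # NOTE(review): the listing drops the guards before the two raises
    # (line-number gaps); they are restored as None checks on the event.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']
    ap_ifname = apdev[0]['ifname']

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    hapd.cmd_execute(['ip', 'link', 'set', 'dev', ap_ifname, 'down'])
    ev = hapd.wait_event(["INTERFACE-DISABLED"], timeout=10)
    if ev is None:
        raise Exception("No INTERFACE-DISABLED event")
    # this wait tests beacon loss detection in mac80211
    dev[0].wait_disconnected()
    hapd.cmd_execute(['ip', 'link', 'set', 'dev', ap_ifname, 'up'])
    ev = hapd.wait_event(["INTERFACE-ENABLED"], timeout=10)
    if ev is None:
        raise Exception("No INTERFACE-ENABLED event")
    dev[0].wait_connected()
    hwsim_utils.test_connectivity(dev[0], hapd)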
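def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
    """WPA2-PSK and first EAPOL-Key msg 4/4 dropped"""
    # With ext_eapol_frame_io enabled the test relays the EAPOL frames itself
    # between hostapd and wpa_supplicant: msg 1/4, 2/4 and 3/4 are forwarded,
    # the first msg 4/4 is read but not delivered.
    # NOTE(review): the listing drops the guards before the raises and a few
    # other lines (line-number gaps). The None checks and the "OK" checks on
    # the EAPOL_RX replies are restored from the surrounding code - confirm
    # against the repository.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = dev[0].own_addr()

    # EAPOL-Key msg 1/4: hostapd -> wpa_supplicant
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 2/4: wpa_supplicant -> hostapd
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4: hostapd -> wpa_supplicant
    ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX to wpa_supplicant failed")

    # EAPOL-Key msg 4/4: read from wpa_supplicant, never passed to hostapd
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    logger.info("Drop the first EAPOL-Key msg 4/4")

    # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
    # doesn't. Use normal EAPOL TX/RX to handle retries.
    hapd.request("SET ext_eapol_frame_io 0")
    dev[0].request("SET ext_eapol_frame_io 0")
    dev[0].wait_connected()

    ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if ev is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
    if ev is not None:
        logger.info("Disconnection detected")
        # The EAPOL-Key retries are supposed to allow the connection to be
        # established without having to reassociate. However, this does not
        # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
        # after the pairwise key has been configured and AP will drop those and
        # disconnect the station after reaching retransmission limit. Connection
        # is then established after reassociation. Once that behavior has been
        # optimized to prevent EAPOL-Key frame encryption for retransmission
        # case, this exception can be uncommented here.
        #raise Exception("Unexpected disconnection")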
def test_ap_wpa2_psk_disable_enable(dev, apdev):
    """WPA2-PSK AP getting disabled and re-enabled

    Connects a station with the raw PSK, sends DISABLE to the AP and waits
    for the station to drop, then sends ENABLE and checks that the station
    reconnects and that data passes between station and AP.
    """
    # NOTE(review): rebuilt from a listing that lost indentation; source
    # lines 2639-2640 are not shown, so a statement may be missing ahead of
    # the DISABLE request - confirm against the file.
    network = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=network)
    ap_params['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_params)
    sta = dev[0]
    sta.connect(network, raw_psk=raw_key, scan_freq="2412")

    hapd.request("DISABLE")
    sta.wait_disconnected()
    hapd.request("ENABLE")
    sta.wait_connected()
    hwsim_utils.test_connectivity(sta, hapd)
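def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
    """WPA2-PSK AP and station using incorrect passphrase

    The station tries to join with a passphrase the AP does not have and the
    AP is expected to report AP-STA-POSSIBLE-PSK-MISMATCH. The AP passphrase
    is then changed to the station's value and the station must connect.
    """
    # NOTE(review): rebuilt from a listing that lost indentation and skips
    # source lines 2655, 2657, 2661 and 2663. The guard before the raise is
    # inferred from the exception text - confirm against the file.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    # NOTE(review): the continuation line of this call is missing from the
    # listing; wait_connect=False is presumed because the test goes on to
    # wait for the mismatch report instead of a connection.
    dev[0].connect(ssid, psk="incorrect passphrase", scan_freq="2412",
                   wait_connect=False)
    ev = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10)
    if ev is None:
        raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
    dev[0].dump_monitor()

    # NOTE(review): the lines directly before and after this set() are not
    # in the listing; whatever makes the AP pick up the new passphrase may
    # live there.
    hapd.set("wpa_passphrase", "incorrect passphrase")

    dev[0].wait_connected(timeout=20)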
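def test_ap_wpa_ie_parsing(dev, apdev):
    """WPA IE parsing

    Adds hand-built WPA vendor elements (dd <len> 0050f201 ...) to the
    station with VENDOR_ELEM_ADD 13 and selects the network. The first list
    holds elements cut off at successive lengths, and the AP is expected to
    reject the association for each of them. The second list appends one to
    three extra octets to a complete element; there the station must reach
    either CTRL-EVENT-CONNECTED or a 4-way handshake failure, i.e. the AP
    must not reject at association time.
    """
    # NOTE(review): rebuilt from a listing that lost indentation and skips
    # some source lines. The loop headers, the guards before each raise and
    # the try/finally around each iteration are inferred (loop variable "t",
    # exception texts, two-line gaps before each loop body) - confirm
    # against the file.
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    netid = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                           only_add_network=True)

    # NOTE(review): source lines 2679-2681 (between the first and second
    # entry shown) are missing from the listing, so this list may be
    # incomplete.
    tests = ["dd040050f201",
             "dd070050f201010000",
             "dd080050f20101000050",
             "dd090050f20101000050f2",
             "dd0a0050f20101000050f202",
             "dd0b0050f20101000050f20201",
             "dd0c0050f20101000050f2020100",
             "dd0c0050f20101000050f2020000",
             "dd0c0050f20101000050f202ffff",
             "dd0d0050f20101000050f202010000",
             "dd0e0050f20101000050f20201000050",
             "dd0f0050f20101000050f20201000050f2",
             "dd100050f20101000050f20201000050f202",
             "dd110050f20101000050f20201000050f20201",
             "dd120050f20101000050f20201000050f2020100",
             "dd120050f20101000050f20201000050f2020000",
             "dd120050f20101000050f20201000050f202ffff",
             "dd130050f20101000050f20201000050f202010000",
             "dd140050f20101000050f20201000050f20201000050",
             "dd150050f20101000050f20201000050f20201000050f2"]
    for t in tests:
        try:
            if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
                raise Exception("VENDOR_ELEM_ADD failed")
            dev[0].select_network(netid)
            ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
            if ev is None:
                raise Exception("Association rejection not reported")
            dev[0].request("DISCONNECT")
            dev[0].dump_monitor()
        finally:
            # Always clear the injected element so one case cannot leak
            # into the next one.
            dev[0].request("VENDOR_ELEM_REMOVE 13 *")

    tests = ["dd170050f20101000050f20201000050f20201000050f202ff",
             "dd180050f20101000050f20201000050f20201000050f202ffff",
             "dd190050f20101000050f20201000050f20201000050f202ffffff"]
    for t in tests:
        try:
            if "OK" not in dev[0].request("VENDOR_ELEM_ADD 13 " + t):
                raise Exception("VENDOR_ELEM_ADD failed")
            dev[0].select_network(netid)
            ev = dev[0].wait_event(['CTRL-EVENT-CONNECTED',
                                    'WPA: 4-Way Handshake failed'], timeout=10)
            if ev is None:
                raise Exception("Association failed unexpectedly")
            dev[0].request("DISCONNECT")
            dev[0].dump_monitor()
        finally:
            dev[0].request("VENDOR_ELEM_REMOVE 13 *")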
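def test_ap_wpa2_psk_no_random(dev, apdev):
    """WPA2-PSK AP and no random numbers available

    Runs a connection attempt under fail_test(hapd, 1, "wpa_gmk_to_gtk") and
    expects the station to see a disconnection, then selects the network
    again and expects the connection to succeed.
    """
    # NOTE(review): rebuilt from a listing that lost indentation and skips
    # source lines 2742 and 2744. How many statements sit inside the "with"
    # block cannot be read from the listing; the guard before the raise is
    # inferred from the exception text - confirm against the file.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    with fail_test(hapd, 1, "wpa_gmk_to_gtk"):
        # NOTE(review): the continuation line of this call is missing from
        # the listing; wait_connect=False is presumed because the test waits
        # for a disconnection event next.
        netid = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
                               wait_connect=False)
        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15)
        if ev is None:
            raise Exception("Disconnection event not reported")
        dev[0].request("DISCONNECT")
        dev[0].select_network(netid, freq=2412)
        dev[0].wait_connected()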
def test_rsn_ie_proto_psk_sta(dev, apdev):
    """RSN element protocol testing for PSK cases on STA side

    The AP advertises an RSN element taken from own_ie_override. After a
    baseline connection, each labelled variant (missing, truncated or
    reserved-bit capabilities, extra unsupported suites, PMKID count and
    group management cipher fields, a trailing octet) is set on the AP and
    the station must still find the BSS and connect.
    """
    # NOTE(review): rebuilt from a listing that lost indentation; source
    # lines 2787, 2788 and 2790 inside the loop are not shown, so statements
    # around the own_ie_override update may be missing - confirm against the
    # file.
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # This is the RSN element used normally by hostapd
    params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
    hapd = hostapd.add_ap(apdev[0], params)
    # A value that is not hex must be refused by the control interface.
    reply = hapd.request("SET own_ie_override qwerty")
    if "FAIL" not in reply:
        raise Exception("Invalid own_ie_override value accepted")
    netid = dev[0].connect(ssid, psk=passphrase, scan_freq="2412")

    cases = (
        ('No RSN Capabilities field',
         '30120100000fac040100000fac040100000fac02'),
        ('Reserved RSN Capabilities bits set',
         '30140100000fac040100000fac040100000fac023cff'),
        ('Truncated RSN Capabilities field',
         '30130100000fac040100000fac040100000fac023c'),
        ('Extra pairwise cipher suite (unsupported)',
         '30180100000fac040200ffffffff000fac040100000fac020c00'),
        ('Extra AKM suite (unsupported)',
         '30180100000fac040100000fac040200ffffffff000fac020c00'),
        ('PMKIDCount field included',
         '30160100000fac040100000fac040100000fac020c000000'),
        ('Truncated PMKIDCount field',
         '30150100000fac040100000fac040100000fac020c0000'),
        ('Unexpected Group Management Cipher Suite with PMF disabled',
         '301a0100000fac040100000fac040100000fac020c000000000fac06'),
        ('Extra octet after defined fields (future extensibility)',
         '301b0100000fac040100000fac040100000fac020c000000000fac0600'),
    )
    sta = dev[0]
    for label, element in cases:
        sta.request("DISCONNECT")
        sta.wait_disconnected()
        sta.dump_monitor()
        sta.request("NOTE " + label)

        hapd.set('own_ie_override', element)

        # Drop cached scan results so the station has to see the new element.
        sta.request("BSS_FLUSH 0")
        sta.scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
        sta.select_network(netid, freq=2412)
        sta.wait_connected()
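def test_ap_cli_order(dev, apdev):
    """Configure a WPA2-PSK AP one parameter at a time and check the result

    The AP is added with an empty configuration and no_enable=True, then
    ssid, wpa_passphrase, rsn_pairwise, wpa_key_mgmt and wpa are set in that
    order. The test checks that the reported group and RSN pairwise ciphers
    are both CCMP, that the AP reports AP-ENABLED, and that a station can
    connect.
    """
    # NOTE(review): rebuilt from a listing that lost indentation and skips
    # source lines 2807 and 2815. The guard before "AP startup timed out" is
    # inferred from the exception text - confirm against the file.
    ssid = "test-rsn-setup"
    passphrase = 'zzzzzzzz'

    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
    hapd.set('ssid', ssid)
    hapd.set('wpa_passphrase', passphrase)
    hapd.set('rsn_pairwise', 'CCMP')
    hapd.set('wpa_key_mgmt', 'WPA-PSK')
    hapd.set('wpa', '2')
    # NOTE(review): source line 2807 is not in the listing. The AP was added
    # with no_enable=True and the test waits for AP-ENABLED below, so an
    # enable step is presumed here.
    hapd.enable()
    cfg = hapd.get_config()
    if cfg['group_cipher'] != 'CCMP':
        raise Exception("Unexpected group_cipher: " + cfg['group_cipher'])
    if cfg['rsn_pairwise_cipher'] != 'CCMP':
        raise Exception("Unexpected rsn_pairwise_cipher: " + cfg['rsn_pairwise_cipher'])

    ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
    if ev is None:
        raise Exception("AP startup timed out")
    if "AP-ENABLED" not in ev:
        raise Exception("AP startup failed")

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")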
def set_test_assoc_ie(dev, ie):
    """Pass *ie* to the station's TEST_ASSOC_IE control command.

    The callers in this file use it to vary the RSN/WPA element of the
    Association Request. Raises Exception when the reply does not contain
    "OK".
    """
    reply = dev.request("TEST_ASSOC_IE " + ie)
    if "OK" in reply:
        return
    raise Exception("Could not set TEST_ASSOC_IE")
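def test_ap_wpa2_psk_assoc_rsn(dev, apdev):
    """WPA2-PSK AP and association request RSN IE differences

    First loop: two well-formed RSN elements (with and without the RSN
    Capabilities field) must be accepted. Second loop: a WPA element on an
    RSN-only AP and RSN elements that are empty, cut inside Version, or end
    after Version must be refused with the listed status code (40 and 43,
    Invalid element and Invalid AKMP in the IEEE 802.11 status code table).
    """
    # NOTE(review): rebuilt from a listing that lost indentation and skips
    # source lines 2839, 2851, 2854 and 2856. The guard before the raise is
    # inferred from the exception text - confirm against the file.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)

    tests = [("Normal wpa_supplicant assoc req RSN IE",
              "30140100000fac040100000fac040100000fac020000"),
             ("RSN IE without RSN Capabilities",
              "30120100000fac040100000fac040100000fac02")]
    for title, ie in tests:
        set_test_assoc_ie(dev[0], ie)
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()

    tests = [("WPA IE instead of RSN IE and only RSN enabled on AP",
              "dd160050f20101000050f20201000050f20201000050f202", 40),
             ("Empty RSN IE", "3000", 40),
             ("RSN IE with truncated Version", "300101", 40),
             ("RSN IE with only Version", "30020100", 43)]
    for title, ie, status in tests:
        set_test_assoc_ie(dev[0], ie)
        # NOTE(review): the continuation line of this call is missing from
        # the listing; wait_connect=False is presumed because the test waits
        # for an association rejection next.
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                       wait_connect=False)
        ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
        if ev is None:
            raise Exception("Association rejection not reported")
        # The reject must carry the expected reason, not just any failure.
        if "status_code=" + str(status) not in ev:
            raise Exception("Unexpected status code: " + ev)
        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()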
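def test_ap_wpa2_psk_ft_workaround(dev, apdev):
    """WPA2-PSK+FT AP and workaround for incorrect STA behavior

    The AP enables both FT-PSK and WPA-PSK. The station is made to send an
    RSN element that lists two AKM suites in its Association Request, and
    the connection must still succeed.
    """
    # NOTE(review): rebuilt from a listing that lost indentation and skips
    # source line 2871 inside the params dict - confirm against the file.
    ssid = "test-wpa2-psk-ft"
    passphrase = 'qwertyuiop'

    params = {"wpa": "2",
              "wpa_key_mgmt": "FT-PSK WPA-PSK",
              "rsn_pairwise": "CCMP",
              # NOTE(review): this entry stands in for the missing source
              # line; presumed because the station connects to `ssid` below.
              "ssid": ssid,
              "wpa_passphrase": passphrase}
    params["mobility_domain"] = "a1b2"
    params["r0_key_lifetime"] = "10000"
    params["pmk_r1_push"] = "1"
    params["reassociation_deadline"] = "1000"
    params['nas_identifier'] = "nas1.w1.fi"
    params['r1_key_holder'] = "000102030405"
    hapd = hostapd.add_ap(apdev[0], params)

    # Include both WPA-PSK and FT-PSK AKMs in Association Request frame
    set_test_assoc_ie(dev[0],
                      "30180100000fac040100000fac040200000fac02000fac040000")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()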
def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev):
    """WPA2-PSK AP and association request RSN IE with PMKID

    The station sends an RSN element whose tail is "0100" followed by 16
    zero octets (per the docstring, a PMKID) and must still be able to
    connect with the passphrase.
    """
    # NOTE(review): rebuilt from a listing that lost indentation; source
    # line 2894 is not shown (likely blank) - confirm against the file.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_params)

    sta = dev[0]
    rsne = "30260100000fac040100000fac040100000fac0200000100" + 16*'00'
    set_test_assoc_ie(sta, rsne)
    sta.connect(network, psk=secret, scan_freq="2412")
    sta.request("REMOVE_NETWORK all")
    sta.wait_disconnected()
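def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
    """WPA-PSK AP and only rsn_pairwise set

    The AP runs WPA (wpa=1) with rsn_pairwise=TKIP and no wpa_pairwise
    entry; a station asking for proto WPA with pairwise TKIP must be able to
    connect.
    """
    params = {"ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
              "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890"}
    hapd = hostapd.add_ap(apdev[0], params)
    # NOTE(review): this call ends with a trailing comma in the listing and
    # its continuation (source line 2906) is missing, so further keyword
    # arguments are not shown here - confirm against the file.
    dev[0].connect("wpapsk", psk="1234567890", proto="WPA", pairwise="TKIP")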
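def test_ap_wpa2_eapol_retry_limit(dev, apdev):
    """WPA2-PSK EAPOL-Key retry limit configuration

    Starts the AP with wpa_ptk_rekey=2 and both update counts set to 1,
    connects a station and waits for "WPA: Key negotiation completed" (the
    exception text treats this as the PTK rekey). It then checks that the
    control interface refuses 0 for either update count.
    """
    # NOTE(review): rebuilt from a listing that lost indentation and skips
    # source line 2919. The guard before the raise is inferred from the
    # exception text - confirm against the file.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_ptk_rekey'] = '2'
    params['wpa_group_update_count'] = '1'
    params['wpa_pairwise_update_count'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    ev = dev[0].wait_event(["WPA: Key negotiation completed"])
    if ev is None:
        raise Exception("PTK rekey timed out")

    # Out-of-range values must be rejected, not silently accepted.
    if "FAIL" not in hapd.request("SET wpa_group_update_count 0"):
        raise Exception("Invalid wpa_group_update_count value accepted")
    if "FAIL" not in hapd.request("SET wpa_pairwise_update_count 0"):
        raise Exception("Invalid wpa_pairwise_update_count value accepted")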
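def test_ap_wpa2_disable_eapol_retry(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry

    The AP runs with wpa_disable_eapol_key_retries=1, which hostapd
    documents as a workaround for key reinstallation attacks. A normal
    connection is checked first. The handshake is then relayed by hand: M1
    and its retry are both expected, M2 is delivered to the AP, and M3 is
    withheld from the station. The AP must not send M3 a second time and the
    station must see a disconnection.
    """
    # NOTE(review): rebuilt from a listing that lost indentation and skips
    # some source lines. The "if" guard in front of each raise, including
    # its polarity, is inferred from the exception text - confirm against
    # the file.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_disable_eapol_key_retries'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    logger.info("Verify working 4-way handshake without retries")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected()
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    logger.info("Verify no retransmission of message 3/4")
    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)

    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M1) from hostapd")
    # The first M1 is not forwarded; the retransmitted one is.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M1 retry) from hostapd")
    res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M1) to wpa_supplicant failed")
    ev = dev[0].wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M2) from wpa_supplicant")
    dev[0].dump_monitor()
    res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
    if "OK" not in res:
        raise Exception("EAPOL_RX (M2) to hostapd failed")

    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (M3) from hostapd")
    # M3 stays undelivered; a second EAPOL-TX here would be a retry.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
    if ev is not None:
        raise Exception("Unexpected EAPOL-TX M3 retry from hostapd")
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
    if ev is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()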
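def test_ap_wpa2_disable_eapol_retry_group(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry for group handshake

    The AP runs with wpa_disable_eapol_key_retries=1 and wpa_strict_rekey=1.
    Disconnecting the second station is first shown to produce a completed
    group rekey on the first station. The same step is then repeated with
    ext_eapol_frame_io enabled and the group message 1 withheld: the AP must
    send it once only, and the first station must see a disconnection.
    """
    # NOTE(review): rebuilt from a listing that lost indentation and skips
    # some source lines. The "if" guard in front of each raise, including
    # its polarity, is inferred from the exception text - confirm against
    # the file.
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    params['wpa_disable_eapol_key_retries'] = '1'
    params['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    netid = dev[1].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    dev[0].dump_monitor()
    addr = dev[0].own_addr()

    # Baseline: a station leaving leads to a group rekey that completes.
    dev[1].request("DISCONNECT")
    ev = dev[0].wait_event(["WPA: Group rekeying completed"], timeout=2)
    if ev is None:
        raise Exception("GTK rekey timed out")
    dev[1].request("RECONNECT")
    dev[1].wait_connected()
    dev[0].dump_monitor()

    hapd.request("SET ext_eapol_frame_io 1")
    dev[0].request("SET ext_eapol_frame_io 1")
    dev[1].request("DISCONNECT")

    ev = hapd.wait_event(["EAPOL-TX"], timeout=5)
    if ev is None:
        raise Exception("Timeout on EAPOL-TX (group M1) from hostapd")
    # Group M1 stays undelivered; a second EAPOL-TX here would be a retry.
    ev = hapd.wait_event(["EAPOL-TX"], timeout=2)
    if ev is not None:
        raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd")
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3)
    if ev is None:
        raise Exception("Disconnection not reported")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].dump_monitor()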
3016 def test_ap_wpa2_psk_mic_0(dev
, apdev
):
3017 """WPA2-PSK/TKIP and MIC=0 in EAPOL-Key msg 3/4"""
3018 bssid
= apdev
[0]['bssid']
3019 ssid
= "test-wpa2-psk"
3020 passphrase
= 'qwertyuiop'
3021 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
=passphrase
)
3022 params
['rsn_pairwise'] = "TKIP"
3023 hapd
= hostapd
.add_ap(apdev
[0], params
)
3024 hapd
.request("SET ext_eapol_frame_io 1")
3025 dev
[0].request("SET ext_eapol_frame_io 1")
3026 dev
[0].connect(ssid
, psk
=passphrase
, scan_freq
="2412", wait_connect
=False)
3027 addr
= dev
[0].own_addr()
3030 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
3032 raise Exception("Timeout on EAPOL-TX from hostapd")
3033 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + ev
.split(' ')[2])
3035 raise Exception("EAPOL_RX to wpa_supplicant failed")
3038 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
3040 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
3041 res
= hapd
.request("EAPOL_RX " + addr
+ " " + ev
.split(' ')[2])
3043 raise Exception("EAPOL_RX to hostapd failed")
3044 dev
[0].dump_monitor()
3047 ev
= hapd
.wait_event(["EAPOL-TX"], timeout
=15)
3049 raise Exception("Timeout on EAPOL-TX from hostapd")
3050 msg3
= ev
.split(' ')[2]
3051 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3
)
3053 raise Exception("EAPOL_RX to wpa_supplicant failed")
3056 ev
= dev
[0].wait_event(["EAPOL-TX"], timeout
=15)
3058 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
3059 # Do not send to the AP
3061 # EAPOL-Key msg 3/4 with MIC=0 and modifications
3062 eapol_hdr
= msg3
[0:8]
3063 key_type
= msg3
[8:10]
3064 key_info
= msg3
[10:14]
3065 key_length
= msg3
[14:18]
3066 replay_counter
= msg3
[18:34]
3067 key_nonce
= msg3
[34:98]
3068 key_iv
= msg3
[98:130]
3069 key_rsc
= msg3
[130:146]
3070 key_id
= msg3
[146:162]
3071 key_mic
= msg3
[162:194]
3072 key_data_len
= msg3
[194:198]
3073 key_data
= msg3
[198:]
3075 msg3b
= eapol_hdr
+ key_type
3076 msg3b
+= "12c9" # Clear MIC bit from key_info (originally 13c9)
3078 msg3b
+= '0000000000000003'
3079 msg3b
+= key_nonce
+ key_iv
+ key_rsc
+ key_id
3080 msg3b
+= 32*'0' # Clear MIC value
3081 msg3b
+= key_data_len
+ key_data
3082 dev
[0].dump_monitor()
3083 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + msg3b
)
3085 raise Exception("EAPOL_RX to wpa_supplicant failed")
3086 ev
= dev
[0].wait_event(["EAPOL-TX", "WPA: Ignore EAPOL-Key"], timeout
=2)
3088 raise Exception("No event from wpa_supplicant")
3089 if "EAPOL-TX" in ev
:
3090 raise Exception("Unexpected EAPOL-Key message from wpa_supplicant")
3091 dev
[0].request("DISCONNECT")